clamav-milter.conf(5)


NAME

   clamav-milter.conf - Configuration file for clamav-milter

DESCRIPTION

   clamav-milter.conf  contains  the  configuration  options  for  clamav-
   milter(8).

FILE FORMAT

   The file consists of comments and options  with  arguments.  Each  line
   which  starts  with a hash (#) symbol is ignored by the parser. Options
   and arguments are case sensitive and of the form Option  Argument.  The
   arguments are of the following types:

   BOOL   Boolean value (yes/no or true/false or 1/0).

   STRING String without blank characters.

   SIZE   Size  in  bytes.  You can use 'M' or 'm' modifiers for megabytes
          and 'K' or 'k' for kilobytes.

   NUMBER Unsigned integer.

MAIN OPTIONS

   Example
          If this option is set clamav-milter will not run.

   MilterSocket STRING
          Define the interface through which we communicate with sendmail.
          This option is mandatory!
          Possible formats are:
          [[unix|local]:]/path/to/file - to specify a unix domain socket
          inet:port@[hostname|ip-address] - to specify an ipv4 socket
          inet6:port@[hostname|ip-address] - to specify an ipv6 socket
          Default: unset

   MilterSocketGroup STRING
          Define the group ownership for the (unix) milter socket.
          Default: disabled (the primary group of the user running clamd)

   MilterSocketMode STRING
          Sets  the  permissions  on  the  (unix)  milter  socket  to  the
          specified mode.
          Default: disabled (obey umask)

   FixStaleSocket BOOL
          Remove stale socket after unclean shutdown.
          Default: yes

   User STRING
          Run as another user (clamav-milter must be started by  root  for
          this option to work)
          Default: unset (dont drop privileges)

   ReadTimeout NUMBER
          Waiting  for  data  from  clamd  will  timeout  after  this time
          (seconds).
          Default: 120

   Foreground BOOL
          Dont fork into background.
          Default: no

   Chroot STRING
          Chroot to the specified directory. Chrooting is  performed  just
          after reading the config file and before dropping privileges.
          Default: unset (dont chroot)

   PidFile STRING
          Save  the process identifier of a clamav-milter (main thread) to
          a specified file.
          Default: disabled

   TemporaryDirectory STRING
          Optional path to the global temporary directory.
          Default: system specific (usually /tmp or /var/tmp).

CLAMD OPTIONS

   ClamdSocket STRING
          Define the clamd socket to connect to for scanning. This  option
          is mandatory! Syntax:
          ClamdSocket unix:path
          ClamdSocket tcp:host:port
          The  first  syntax  specifies  a  local  unix  socket  (needs an
          absolute path) e.g.:
          ClamdSocket unix:/var/run/clamd/clamd.socket
          The second syntax specifies a tcp local or  remote  tcp  socket:
          the  host  can be a hostname or an ip address; the ":port" field
          is only required for IPv6 addresses, otherwise  it  defaults  to
          3310 e.g.:
          ClamdSocket tcp:192.168.0.1
          This option can be repeated several times with different sockets
          or even with the same socket: clamd servers will be selected  in
          a round-robin fashion.
          Default: no default

EXCLUSIONS

   LocalNet STRING
          Messages  originating  from  these  hosts/networks  will  not be
          scanned. This  option  takes  a  host(name)/mask  pair  in  CIRD
          notation  and  can  be  repeated  several  times.  If "/mask" is
          omitted, a host is assumed. To specify a locally orignated, non-
          smtp, email use the keyword "local"
          Default: unset (scan everything regardless of the origin)

   Whitelist STRING
          This  option  specifies  a  file  which contains a list of basic
          POSIX regular expressions. Addresses (sent  to  or  from  -  see
          below)  matching these regexes  will not be scanned.  Optionally
          each line can start with the string "From:" or "To:"  (note:  no
          whitespace  after the colon) indicating if it is,  respectively,
          the sender or recipient that is to be whitelisted. If the  field
          is missing, "To:" is assumed.  Lines starting with #, : or ! are
          ignored.
          Default: unset (no exclusion applied)

   SkipAuthenticated STRING
          Messages from authenticated SMTP users  matching  this  extended
          POSIX  regular  expression (egrep-like) will not be scanned.  As
          an alternative, a file containing a plain (not  regex)  list  of
          names  (one per line) can be specified using the prefix "file:".
          e.g. SkipAuthenticated file:/etc/good_guys. Note:  this  is  the
          AUTH login name!
          Default: unset (no whitelisting based on SMTP auth)

   MaxFileSize SIZE
          Messages larger than this value wont be scanned. Make sure this
          value is lower or equal than StreamMaxLength in clamd.conf
          Default: 25M

ACTIONS

   The following group of options controls  the  delievery  process  under
   different circumstances. The following actions are available:
   - Accept: The message is accepted for delievery
   -  Reject: Immediately refuse delievery (a 5xx error is returned to the
   peer)
   - Defer: Return a temporary failure message (4xx) to the peer
   - Blackhole (not available for OnFail): Like Accept but the message  is
   sent to oblivion
   -  Quarantine  (not  available  for OnFail): Like Accept but message is
   quarantined  instead  of  being  delivered.  NOTE:  In   Sendmail   the
   quarantine queue can be examined via mailq -qQ. For Postfix this causes
   the message to be placed on hold.

   OnClean STRING
          Action to be performed on  clean  messages  (mostly  useful  for
          testing)
          Default: Accept

   OnInfected STRING
          Action to be performed on infected messages
          Default: Quarantine

   OnFail STRING
          Action  to  be  performed  on  error  conditions  (this includes
          failure to allocate  data  structures,  no  scanners  available,
          network timeouts, unknown scanner replies and the like)
          Default: Defer

   RejectMsg STRING
          This  option  allows  you to set a specific rejection reason for
          infected messages and its therefore only useful  together  with
          "OnInfected  Reject".  The  string  "%v",  if  present,  will be
          replaced with the virus name.
          Default: MTA specific

   AddHeader STRING
          If this option is set to  "Replace"  (or  "Yes"),  an  "X-Virus-
          Scanned"  and  an  "X-Virus-Status"  headers will be attached to
          each processed message, possibly replacing existing headers.  If
          it  is set to Add, the X-Virus headers are added possibly on top
          of the existing ones. Note that while "Replace" can  potentially
          break  DKIM  signatures,  "Add" may confuse procmail and similar
          filters.
          Default: no

   ReportHostname STRING
          When AddHeader is in use, this option  allows  you  to  set  the
          reported  hostname.  This  may  be  desirable  in order to avoid
          leaking internal names. If unset the real machine name is used.
          Default: disabled

   VirusAction STRING
          Execute a command (possibly searching  PATH)  when  an  infected
          message  is  found.  The  following parameters are passed to the
          invoked program in this order: virus  name,  queue  id,  sender,
          destination,  subject,  message  id, message date. Note #1: this
          requires MTA macroes to be available  (see  LogInfected  below).
          Note #2: the process is invoked in the context of clamav-milter.
          Note #3: clamav-milter will wait for the  process  to  exit.  Be
          quick or fork to avoid unnecessary delays in email delievery.
          Default: disabled

LOGGING OPTIONS

   LogFile STRING
          Enable logging to selected file.
          Default: no

   LogFileUnlock BOOL
          Disable  a  system lock that protects against running clamd with
          the same configuration file multiple times.
          Default: no

   LogFileMaxSize SIZE
          Limit the size of the log file. The logger will be automatically
          disabled  if  the file is greater than SIZE. Value of 0 disables
          the limit.
          Default: 1M

   LogTime BOOL
          Log time for each message.
          Default: no

   LogSyslog BOOL
          Use system logger (can work together with LogFile).
          Default: no

   LogFacility STRING
          Specify the type of syslog  messages  -  please  refer  to  'man
          syslog' for facility names.
          Default: LOG_LOCAL6

   LogVerbose BOOL
          Enable verbose logging.
          Default: no

   LogInfected STRING
          This  option allows you to tune what is logged when a message is
          infected. Possible values are Off  (the  default  -  nothing  is
          logged), Basic (minimal info logged), Full (verbose info logged)
          Note:  For  this  to  work  properly  in sendmail, make sure the
          msg_id, mail_addr, rcpt_addr and i macroes are available in eom.
          In  other  words  add  a  line like: Milter.macros.eom={msg_id},
          {mail_addr}, {rcpt_addr}, i to your .cf file. Alternatively  use
          the     macro:     define(`confMILTER_MACROS_EOM',    `{msg_id},
          {mail_addr}, {rcpt_addr}, i')
          Postfix should be working fine with the default settings.
          Default: disabled

   LogClean STRING
          This option allows you to tune what is logged when no threat  is
          found in a scanned message.
          See LogInfected for possible values and caveats.
          Useful in debugging but drastically increases the log size.
          Default: disabled

   SupportMultipleRecipients BOOL
          This  option  affects the behaviour of LogInfected, LogClean and
          VirusAction  when a message with multiple recipients is scanned:
          If SupportMultipleRecipients  is  off  (the  default)  then  one
          single  log  entry is generated for the message and, in case the
          message is determined to be malicious, the command indicated  by
          VirusAction  is  executed just once. In both cases only the last
          recipient is reported.
          If SupportMultipleRecipients is on then one line is  logged  for
          each  recipient and the command indicated by VirusAction is also
          executed once for each recipient.
          Note: although it's probably a good idea to enable this  option,
          the default value is currently set to off for legacy reasons.
          Default: no

NOTES

   All  options expressing a size are limited to max 4GB. Values in excess
   will be resetted to the maximum.

FILES

   /etc/clamav/clamav-milter.conf

AUTHOR

   aCaB <acab@clamav.net>

SEE ALSO

   clamav-milter(8), clamd(8), clamd.conf(5)





Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.





Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.


Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.





Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.


Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.





Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.


Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.