summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Arendsen Hein <thomas@intevation.de>2007-02-14 17:44:17 (GMT)
committerThomas Arendsen Hein <thomas@intevation.de>2007-02-14 17:44:17 (GMT)
commit47cffcdd2f9686792ccde3cfe6671e68c4680636 (patch)
treedf24ae8175df31009b6e82657846150d69436e44
parent1588e62236802318011092b540a90e7809b2cff3 (diff)
downloadkolab-conf-47cffcdd2f9686792ccde3cfe6671e68c4680636.tar.gz
Added clamav 0.90 with new config templates, release-notes and obmtool.conf
-rw-r--r--conf/templates/clamd.conf.template.in214
-rw-r--r--conf/templates/freshclam.conf.template.in54
2 files changed, 163 insertions, 105 deletions
diff --git a/conf/templates/clamd.conf.template.in b/conf/templates/clamd.conf.template.in
index 9c9071a..0bf842f 100644
--- a/conf/templates/clamd.conf.template.in
+++ b/conf/templates/clamd.conf.template.in
@@ -25,10 +25,10 @@ LogFile @clamav_logfile@
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
-# Default: disabled
-#LogFileUnlock
+# Default: no
+#LogFileUnlock yes
-# Maximal size of the log file.
+# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
@@ -37,17 +37,17 @@ LogFile @clamav_logfile@
#LogFileMaxSize 2M
# Log time with each message.
-# Default: disabled
-LogTime
+# Default: no
+LogTime yes
# Also log clean files. Useful in debugging but drastically increases the
# log size.
-# Default: disabled
-#LogClean
+# Default: no
+#LogClean yes
# Use system logger (can work together with LogFile).
-# Default: disabled
-#LogSyslog
+# Default: no
+#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
@@ -55,8 +55,8 @@ LogTime
#LogFacility LOG_MAIL
# Enable verbose logging.
-# Default: disabled
-#LogVerbose
+# Default: no
+#LogVerbose yes
# This option allows you to save a process identifier of the listening
# daemon (main thread).
@@ -75,22 +75,22 @@ DatabaseDirectory @clamav_datadir@
# recommend the local mode.
# Path to a local socket file the daemon will listen on.
-# Default: disabled
+# Default: disabled (must be specified by a user)
LocalSocket @clamav_socket@
# Remove stale socket after unclean shutdown.
-# Default: disabled
-FixStaleSocket
+# Default: no
+FixStaleSocket yes
# TCP port address.
-# Default: disabled
+# Default: no
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
-# Default: disabled
+# Default: no
#TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
@@ -101,8 +101,8 @@ FixStaleSocket
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
-# Close the connection if this limit is exceeded.
-# The value should match your MTA's limit for a maximal attachment size.
+# Close the connection when the data size limit is exceeded.
+# The value should match your MTA's limit for a maximum attachment size.
# Default: 10M
#StreamMaxLength 20M
@@ -112,7 +112,7 @@ FixStaleSocket
# Default: 2048
#StreamMaxPort 32000
-# Maximal number of threads running at the same time.
+# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20
@@ -125,105 +125,146 @@ FixStaleSocket
# Default: 30
#IdleTimeout 60
-# Maximal depth directories are scanned at.
+# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
-# Default: disabled
-#FollowDirectorySymlinks
+# Default: no
+#FollowDirectorySymlinks yes
# Follow regular file symlinks.
-# Default: disabled
-#FollowFileSymlinks
+# Default: no
+#FollowFileSymlinks yes
-# Perform internal sanity check (database integrity and freshness).
+# Perform a database check.
# Default: 1800 (30 min)
#SelfCheck 600
# Execute a command when virus is found. In the command string %v will
-# be replaced by a virus name.
-# Default: disabled
-#VirusEvent @bindir@/send_sms 123456789 "VIRUS ALERT: %v"
+# be replaced with the virus name.
+# Default: no
+#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
-# Run as a selected user (clamd must be started by root).
-# Default: disabled
+# Run as another user (clamd must be started by root to make this option
+# working).
+# Default: don't drop privileges
User @clamav_rusr@
# Initialize supplementary group access (clamd must be started by root).
-# Default: disabled
-#AllowSupplementaryGroups
+# Default: no
+#AllowSupplementaryGroups no
# Stop daemon when libclamav reports out of memory condition.
-#ExitOnOOM
+#ExitOnOOM yes
# Don't fork into background.
-# Default: disabled
-#Foreground
+# Default: no
+#Foreground yes
# Enable debug messages in libclamav.
-# Default: disabled
-#Debug
+# Default: no
+#Debug yes
# Do not remove temporary files (for debug purposes).
-# Default: disabled
-#LeaveTemporaryFiles
-
+# Default: no
+#LeaveTemporaryFiles yes
-# By default clamd uses scan options recommended by libclamav. This option
-# disables recommended options and allows you to enable selected ones below.
-# DO NOT TOUCH IT unless you know what you are doing.
-# Default: disabled
-#DisableDefaultScanOptions
+# In some cases (eg. complex malware, exploits in graphic files, and others),
+# ClamAV uses special algorithms to provide accurate detection. This option
+# controls the algorithmic detection.
+# Default: yes
+#AlgorithmicDetection yes
##
## Executable files
##
# PE stands for Portable Executable - it's an executable file format used
-# in all 32-bit versions of Windows operating systems. This option allows
+# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
-# Default: enabled
-#ScanPE
+# Default: yes
+#ScanPE yes
-# With this option clamav will try to detect broken executables and mark
-# them as Broken.Executable
-# Default: disabled
-#DetectBrokenExecutables
+# Executable and Linking Format is a standard format for UN*X executables.
+# This option allows you to control the scanning of ELF files.
+# Default: yes
+#ScanELF yes
+
+# With this option clamav will try to detect broken executables (both PE and
+# ELF) and mark them as Broken.Executable.
+# Default: no
+#DetectBrokenExecutables yes
##
## Documents
##
-# This option enables scanning of Microsoft Office document macros.
-# Default: enabled
-#ScanOLE2
+# This option enables scanning of OLE2 files, such as Microsoft Office
+# documents and .msi files.
+# Default: yes
+#ScanOLE2 yes
##
## Mail files
##
# Enable internal e-mail scanner.
-# Default: enabled
-#ScanMail
+# Default: yes
+#ScanMail yes
# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
-# Default: disabled
-#MailFollowURLs
-
+# Default: no
+#MailFollowURLs no
+
+# Recursion level limit for the mail scanner.
+# Default: 64
+#MailMaxRecursion 128
+
+# With this option enabled ClamAV will try to detect phishing attempts by using
+# signatures.
+# Default: yes
+#PhishingSignatures yes
+
+
+# Scan urls found in mails for phishing attempts.
+# (available in experimental builds only)
+# Default: yes
+#PhishingScanURLs yes
+
+# Use phishing detection only for domains listed in the .pdb database. It is
+# not recommended to have this option turned off, because scanning of all
+# domains may lead to many false positives!
+# (available in experimental builds only)
+# Default: yes
+#PhishingRestrictedScan yes
+
+# Always block SSL mismatches in URLs, even if the URL isn't in the database.
+# This can lead to false positives.
+# (available in experimental builds only)
+#
+# Default: no
+#PhishingAlwaysBlockSSLMismatch no
+
+# Always block cloaked URLs, even if URL isn't in database.
+# This can lead to false positives.
+# (available in experimental builds only)
+#
+# Default: no
+#PhishingAlwaysBlockCloak no
##
## HTML
##
# Perform HTML normalisation and decryption of MS Script Encoder code.
-# Default: enabled
-#ScanHTML
+# Default: yes
+#ScanHTML yes
##
@@ -231,15 +272,8 @@ User @clamav_rusr@
##
# ClamAV can scan within archives and compressed files.
-# Default: enabled
-#ScanArchive
-
-# Due to license issues libclamav does not support RAR 3.0 archives (only the
-# old 2.0 format is supported). Because some users report stability problems
-# with unrarlib it's disabled by default and you must uncomment the directive
-# below to enable RAR 2.0 support.
-# Default: disabled
-#ScanRAR
+# Default: yes
+#ScanArchive yes
# The options below protect your system against Denial of Service attacks
# using archive bombs.
@@ -251,10 +285,10 @@ User @clamav_rusr@
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
-# deep the process should be continued.
+# deeply the process should be continued.
# Value of 0 disables the limit.
-# Default: 8
-#ArchiveMaxRecursion 9
+# Default: 8
+#ArchiveMaxRecursion 10
# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
@@ -269,18 +303,22 @@ User @clamav_rusr@
# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
-# Default: disabled
-#ArchiveLimitMemoryUsage
+# Default: no
+#ArchiveLimitMemoryUsage yes
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
-# Default: disabled
-#ArchiveBlockEncrypted
+# Default: no
+#ArchiveBlockEncrypted no
# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
-# Default: disabled
-#ArchiveBlockMax
+# Default: no
+#ArchiveBlockMax no
+
+# Enable support for Sensory Networks' NodalCore hardware accelerator.
+# Default: no
+#NodalCoreAcceleration yes
##
@@ -290,16 +328,16 @@ User @clamav_rusr@
##
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
-# Default: disabled
-#ClamukoScanOnAccess
+# Default: no
+#ClamukoScanOnAccess yes
# Set access mask for Clamuko.
-# Default: disabled
-#ClamukoScanOnOpen
-#ClamukoScanOnClose
-#ClamukoScanOnExec
+# Default: no
+#ClamukoScanOnOpen yes
+#ClamukoScanOnClose yes
+#ClamukoScanOnExec yes
-# Set the include paths (all files in them will be scanned). You can have
+# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
@@ -308,7 +346,7 @@ User @clamav_rusr@
# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
-#ClamukoExcludePath /home/guru
+#ClamukoExcludePath /home/bofh
# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
diff --git a/conf/templates/freshclam.conf.template.in b/conf/templates/freshclam.conf.template.in
index 258d26e..72ee160 100644
--- a/conf/templates/freshclam.conf.template.in
+++ b/conf/templates/freshclam.conf.template.in
@@ -8,7 +8,6 @@ KOLAB_META_END
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
-## This file may be optionally merged with clamd.conf.
##
@@ -25,12 +24,12 @@ DatabaseDirectory @clamav_datadir@
UpdateLogFile @freshclam_logfile@
# Enable verbose logging.
-# Default: disabled
-#LogVerbose
+# Default: no
+#LogVerbose yes
# Use system logger (can work together with UpdateLogFile).
-# Default: disabled
-#LogSyslog
+# Default: no
+#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
@@ -47,18 +46,19 @@ UpdateLogFile @freshclam_logfile@
#DatabaseOwner clamav
# Initialize supplementary group access (freshclam must be started by root).
-# Default: disabled
-#AllowSupplementaryGroups
+# Default: no
+#AllowSupplementaryGroups yes
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
-# Default: enabled, pointing to current.cvd.clamav.net
+# WARNING: Do not touch it unless you're configuring freshclam to use your
+# own database verification domain.
+# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
-# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net
# database.clamav.net is a round-robin record which points to our most
@@ -71,6 +71,10 @@ DatabaseMirror database.clamav.net
# Default: 3 (per mirror)
#MaxAttempts 5
+# With this option you can control scripted updates. It's highly recommended
+# to keep it enabled.
+#ScriptedUpdates yes
+
# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24
@@ -82,16 +86,19 @@ DatabaseMirror database.clamav.net
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
+# If your servers are behind a firewall/proxy which applies User-Agent
+# filtering you can use this option to force the use of a different
+# User-Agent header.
+# Default: clamav/version_number
+#HTTPUserAgent SomeUserAgentIdString
+
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd
# Send the RELOAD command to clamd.
-# Default: disabled
-#NotifyClamd @clamav_confdir@/clamd.conf
-# By default it uses the hardcoded configuration file but you can force an
-# another one.
+# Default: no
NotifyClamd @clamav_confdir@/clamd.conf
# Run command after successful database update.
@@ -102,10 +109,23 @@ NotifyClamd @clamav_confdir@/clamd.conf
# Default: disabled
#OnErrorExecute command
-# Don't fork into background.
+# Run command when freshclam reports outdated version.
+# In the command string %v will be replaced by the new version number.
# Default: disabled
-#Foreground
+#OnOutdatedExecute command
+
+# Don't fork into background.
+# Default: no
+#Foreground yes
# Enable debug messages in libclamav.
-# Default: disabled
-#Debug
+# Default: no
+#Debug yes
+
+# Timeout in seconds when connecting to database server.
+# Default: 30
+#ConnectTimeout 60
+
+# Timeout in seconds when reading from database server.
+# Default: 30
+#ReceiveTimeout 60