Subversion Repositories configs

##

## Example config file for clamav-milter

##

# Comment or remove the line below.

Example

##

## Main options

##

# Define the interface through which we communicate with sendmail

# This option is mandatory! Possible formats are:

# [[unix|local]:]/path/to/file - to specify a unix domain socket

# inet:port@[hostname|ip-address] - to specify an ipv4 socket

# inet6:port@[hostname|ip-address] - to specify an ipv6 socket

#

# Default: no default

#MilterSocket /tmp/clamav-milter.socket

#MilterSocket inet:7357

# Define the group ownership for the (unix) milter socket.

# Default: disabled (the primary group of the user running clamd)

#MilterSocketGroup virusgroup

# Sets the permissions on the (unix) milter socket to the specified mode.

# Default: disabled (obey umask)

#MilterSocketMode 660

# Remove stale socket after unclean shutdown.

#

# Default: yes

#FixStaleSocket yes

# Run as another user (clamav-milter must be started by root for this option to work)

#

# Default: unset (don't drop privileges)

#User clamav

# Initialize supplementary group access (clamav-milter must be started by root).

#

# Default: no

#AllowSupplementaryGroups no

# Waiting for data from clamd will timeout after this time (seconds).

# Value of 0 disables the timeout.

#

# Default: 120

#ReadTimeout 300

# Don't fork into background.

#

# Default: no

#Foreground yes

# Chroot to the specified directory.

# Chrooting is performed just after reading the config file and before dropping privileges.

#

# Default: unset (don't chroot)

#Chroot /newroot

# This option allows you to save a process identifier of the listening

# daemon (main thread).

#

# Default: disabled

#PidFile /var/run/clamav-milter.pid

# Optional path to the global temporary directory.

# Default: system specific (usually /tmp or /var/tmp).

#

#TemporaryDirectory /var/tmp

##

## Clamd options

##

# Define the clamd socket to connect to for scanning.

# This option is mandatory! Syntax:

# ClamdSocket unix:path

# ClamdSocket tcp:host:port

# The first syntax specifies a local unix socket (needs an absolute path) e.g.:

#     ClamdSocket unix:/var/run/clamd/clamd.socket

# The second syntax specifies a tcp local or remote tcp socket: the

# host can be a hostname or an ip address; the ":port" field is only required

# for IPv6 addresses, otherwise it defaults to 3310, e.g.:

#     ClamdSocket tcp:192.168.0.1

#

# This option can be repeated several times with different sockets or even

# with the same socket: clamd servers will be selected in a round-robin fashion.

#

# Default: no default

#ClamdSocket tcp:scanner.mydomain:7357

##

## Exclusions

##

# Messages originating from these hosts/networks will not be scanned

# This option takes a host(name)/mask pair in CIRD notation and can be

# repeated several times. If "/mask" is omitted, a host is assumed.

# To specify a locally orignated, non-smtp, email use the keyword "local"

#

# Default: unset (scan everything regardless of the origin)

#LocalNet local

#LocalNet 192.168.0.0/24

#LocalNet 1111:2222:3333::/48

# This option specifies a file which contains a list of basic POSIX regular

# expressions. Addresses (sent to or from - see below) matching these regexes

# will not be scanned.  Optionally each line can start with the string "From:"

# or "To:" (note: no whitespace after the colon) indicating if it is,

# respectively, the sender or recipient that is to be whitelisted.

# If the field is missing, "To:" is assumed.

# Lines starting with #, : or ! are ignored.

#

# Default unset (no exclusion applied)

#Whitelist /etc/whitelisted_addresses

# Messages from authenticated SMTP users matching this extended POSIX

# regular expression (egrep-like) will not be scanned.

# As an alternative, a file containing a plain (not regex) list of names (one

# per line) can be specified using the prefix "file:".

# e.g. SkipAuthenticated file:/etc/good_guys

#

# Note: this is the AUTH login name!

#

# Default: unset (no whitelisting based on SMTP auth)

#SkipAuthenticated ^(tom|dick|henry)$

# Messages larger than this value won't be scanned.

# Make sure this value is lower or equal than StreamMaxLength in clamd.conf

#

# Default: 25M

#MaxFileSize 10M

##

## Actions

##

# The following group of options controls the delievery process under

# different circumstances.

# The following actions are available:

# - Accept

#   The message is accepted for delievery

# - Reject

#   Immediately refuse delievery (a 5xx error is returned to the peer)

# - Defer

#   Return a temporary failure message (4xx) to the peer

# - Blackhole (not available for OnFail)

#   Like Accept but the message is sent to oblivion

# - Quarantine (not available for OnFail)

#   Like Accept but message is quarantined instead of being delivered

#

# NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ

# For Postfix this causes the message to be placed on hold

#

# Action to be performed on clean messages (mostly useful for testing)

# Default: Accept

#OnClean Accept

# Action to be performed on infected messages

# Default: Quarantine

#OnInfected Quarantine

# Action to be performed on error conditions (this includes failure to

# allocate data structures, no scanners available, network timeouts,

# unknown scanner replies and the like)

# Default: Defer

#OnFail Defer

# This option allows to set a specific rejection reason for infected messages

# and it's therefore only useful together with "OnInfected Reject"

# The string "%v", if present, will be replaced with the virus name.

# Default: MTA specific

#RejectMsg

# If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an

# "X-Virus-Status" headers will be attached to each processed message, possibly

# replacing existing headers.

# If it is set to Add, the X-Virus headers are added possibly on top of the

# existing ones.

# Note that while "Replace" can potentially break DKIM signatures, "Add" may

# confuse procmail and similar filters.

# Default: no

#AddHeader Replace

# When AddHeader is in use, this option allows to arbitrary set the reported

# hostname. This may be desirable in order to avoid leaking internal names.

# If unset the real machine name is used.

# Default: disabled

#ReportHostname my.mail.server.name

# Execute a command (possibly searching PATH) when an infected message is found.

# The following parameters are passed to the invoked program in this order:

# virus name, queue id, sender, destination, subject, message id, message date.

# Note #1: this requires MTA macroes to be available (see LogInfected below)

# Note #2: the process is invoked in the context of clamav-milter

# Note #3: clamav-milter will wait for the process to exit. Be quick or fork to

# avoid unnecessary delays in email delievery

# Default: disabled

#VirusAction /usr/local/bin/my_infected_message_handler

##

## Logging options

##

# Uncomment this option to enable logging.

# LogFile must be writable for the user running daemon.

# A full path is required.

#

# Default: disabled

#LogFile /tmp/clamav-milter.log

# By default the log file is locked for writing - the lock protects against

# running clamav-milter multiple times.

# This option disables log file locking.

#

# Default: no

#LogFileUnlock yes

# Maximum size of the log file.

# Value of 0 disables the limit.

# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)

# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size

# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log

# rotation (the LogRotate option) will always be enabled.

#

# Default: 1M

#LogFileMaxSize 2M

# Log time with each message.

#

# Default: no

#LogTime yes

# Use system logger (can work together with LogFile).

#

# Default: no

#LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'

# for facility names.

#

# Default: LOG_LOCAL6

#LogFacility LOG_MAIL

# Enable verbose logging.

#

# Default: no

#LogVerbose yes

# Enable log rotation. Always enabled when LogFileMaxSize is enabled.

# Default: no

#LogRotate yes

# This option allows to tune what is logged when a message is infected.

# Possible values are Off (the default - nothing is logged),

# Basic (minimal info logged), Full (verbose info logged)

# Note:

# For this to work properly in sendmail, make sure the msg_id, mail_addr,

# rcpt_addr and i macroes are available in eom. In other words add a line like:

# Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i

# to your .cf file. Alternatively use the macro:

# define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')

# Postfix should be working fine with the default settings.

#

# Default: disabled

#LogInfected Basic

# This option allows to tune what is logged when no threat is found in a scanned message.

# See LogInfected for possible values and caveats.

# Useful in debugging but drastically increases the log size.

# Default: disabled

#LogClean Basic

# This option affects the behaviour of LogInfected, LogClean and VirusAction

# when a message with multiple recipients is scanned:

# If SupportMultipleRecipients is off (the default)

# then one single log entry is generated for the message and, in case the

# message is determined to be malicious, the command indicated by VirusAction

# is executed just once. In both cases only the last recipient is reported.

# If SupportMultipleRecipients is on:

# then one line is logged for each recipient and the command indicated

# by VirusAction is also executed once for each recipient.

#

# Note: although it's probably a good idea to enable this option, the default value

# is currently set to off for legacy reasons.

# Default: no

#SupportMultipleRecipients yes