260421448d
AlertOLE2Macros, default should be set to NO With this option enabled OLE2 files containing VBA macros, which were NOT detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". This causes most microsoft office document files which contains macros to be blocked. Majority of corporate documents mailed contain macros. When the option is set to NO, emails are still checked for known malicious macros. Due to any message failing clamav being set to a 2000 score, this causes all legitimate emails with harmless macros to be blocked. The default for debian/ubuntu is to set this to NO cPanel, iredmail, etc all have this option set to NO
48 lines
877 B
Plaintext
48 lines
877 B
Plaintext
#Debug true
|
|
#LogFile /dev/null
|
|
LogTime yes
|
|
LogClean yes
|
|
ExtendedDetectionInfo yes
|
|
PidFile /run/clamav/clamd.pid
|
|
OfficialDatabaseOnly no
|
|
LocalSocket /run/clamav/clamd.sock
|
|
TCPSocket 3310
|
|
StreamMaxLength 25M
|
|
MaxThreads 10
|
|
ReadTimeout 10
|
|
CommandReadTimeout 3
|
|
SendBufTimeout 200
|
|
MaxQueue 80
|
|
IdleTimeout 20
|
|
SelfCheck 3600
|
|
User clamav
|
|
Foreground yes
|
|
DetectPUA yes
|
|
# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md
|
|
#ExcludePUA NetTool
|
|
#ExcludePUA PWTool
|
|
#IncludePUA Spy
|
|
#IncludePUA Scanner
|
|
#IncludePUA RAT
|
|
HeuristicAlerts yes
|
|
ScanOLE2 yes
|
|
AlertOLE2Macros no
|
|
ScanPDF yes
|
|
ScanSWF yes
|
|
ScanXMLDOCS yes
|
|
ScanHWP3 yes
|
|
ScanMail yes
|
|
PhishingSignatures no
|
|
PhishingScanURLs no
|
|
HeuristicScanPrecedence yes
|
|
ScanHTML yes
|
|
ScanArchive yes
|
|
MaxScanSize 50M
|
|
MaxFileSize 25M
|
|
MaxRecursion 5
|
|
MaxFiles 200
|
|
ScanOnAccess no
|
|
Bytecode yes
|
|
BytecodeSecurity TrustSigned
|
|
BytecodeTimeout 1000
|