Diffstat (limited to 'recipes-security/clamav/clamav-0.99.1/clamav-milter.conf.sample')
-rw-r--r-- | recipes-security/clamav/clamav-0.99.1/clamav-milter.conf.sample | 293 |
1 files changed, 293 insertions, 0 deletions
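diff --git a/recipes-security/clamav/clamav-0.99.1/clamav-milter.conf.sample b/recipes-security/clamav/clamav-0.99.1/clamav-milter.conf.sample
new file mode 100644
index 0000000..ed0d519
--- /dev/null
+++ b/recipes-security/clamav/clamav-0.99.1/clamav-milter.conf.sample
@@ -0,0 +1,293 @@
+##
+## Example config file for clamav-milter
+##
+
+# Comment or remove the line below.
+Example
+
+
+##
+## Main options
+##
+
+# Define the interface through which we communicate with sendmail
+# This option is mandatory! Possible formats are:
+# [[unix|local]:]/path/to/file - to specify a unix domain socket
+# inet:port@[hostname|ip-address] - to specify an ipv4 socket
+# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
+#
+# Default: no default
+#MilterSocket /tmp/clamav-milter.socket
+#MilterSocket inet:7357
+
+# Define the group ownership for the (unix) milter socket.
+# Default: disabled (the primary group of the user running clamd)
+#MilterSocketGroup virusgroup
+
+# Sets the permissions on the (unix) milter socket to the specified mode.
+# Default: disabled (obey umask)
+#MilterSocketMode 660
+
+# Remove stale socket after unclean shutdown.
+#
+# Default: yes
+#FixStaleSocket yes
+
+# Run as another user (clamav-milter must be started by root for this option to work)
+#
+# Default: unset (don't drop privileges)
+#User clamav
+
+# Initialize supplementary group access (clamav-milter must be started by root).
+#
+# Default: no
+#AllowSupplementaryGroups no
+
+# Waiting for data from clamd will timeout after this time (seconds).
+# Value of 0 disables the timeout.
+#
+# Default: 120
+#ReadTimeout 300
+
+# Don't fork into background.
+#
+# Default: no
+#Foreground yes
+
+# Chroot to the specified directory.
+# Chrooting is performed just after reading the config file and before dropping privileges.
+#
+# Default: unset (don't chroot)
+#Chroot /newroot
+
+# This option allows you to save a process identifier of the listening
+# daemon (main thread).
+#
+# Default: disabled
+#PidFile /var/run/clamav/clamav-milter.pid
+
+# Optional path to the global temporary directory.
+# Default: system specific (usually /tmp or /var/tmp).
+#
+#TemporaryDirectory /var/tmp
+
+##
+## Clamd options
+##
+
+# Define the clamd socket to connect to for scanning.
+# This option is mandatory! Syntax:
+# ClamdSocket unix:path
+# ClamdSocket tcp:host:port
+# The first syntax specifies a local unix socket (needs an absolute path) e.g.:
+# ClamdSocket unix:/var/run/clamd/clamd.socket
+# The second syntax specifies a tcp local or remote tcp socket: the
+# host can be a hostname or an ip address; the ":port" field is only required
+# for IPv6 addresses, otherwise it defaults to 3310, e.g.:
+# ClamdSocket tcp:192.168.0.1
+#
+# This option can be repeated several times with different sockets or even
+# with the same socket: clamd servers will be selected in a round-robin fashion.
+#
+# Default: no default
+ClamdSocket /var/run/clamav/clamd
+
+
+##
+## Exclusions
+##
+
+# Messages originating from these hosts/networks will not be scanned
+# This option takes a host(name)/mask pair in CIRD notation and can be
+# repeated several times. If "/mask" is omitted, a host is assumed.
+# To specify a locally orignated, non-smtp, email use the keyword "local"
+#
+# Default: unset (scan everything regardless of the origin)
+#LocalNet local
+#LocalNet 192.168.0.0/24
+#LocalNet 1111:2222:3333::/48
+
+# This option specifies a file which contains a list of basic POSIX regular
+# expressions. Addresses (sent to or from - see below) matching these regexes
+# will not be scanned. Optionally each line can start with the string "From:"
+# or "To:" (note: no whitespace after the colon) indicating if it is,
+# respectively, the sender or recipient that is to be whitelisted.
+# If the field is missing, "To:" is assumed.
+# Lines starting with #, : or ! are ignored.
+#
+# Default unset (no exclusion applied)
+#Whitelist /etc/whitelisted_addresses
+
+# Messages from authenticated SMTP users matching this extended POSIX
+# regular expression (egrep-like) will not be scanned.
+# As an alternative, a file containing a plain (not regex) list of names (one
+# per line) can be specified using the prefix "file:".
+# e.g. SkipAuthenticated file:/etc/good_guys
+#
+# Note: this is the AUTH login name!
+#
+# Default: unset (no whitelisting based on SMTP auth)
+#SkipAuthenticated ^(tom|dick|henry)$
+
+# Messages larger than this value won't be scanned.
+# Make sure this value is lower or equal than StreamMaxLength in clamd.conf
+#
+# Default: 25M
+#MaxFileSize 10M
+
+
+##
+## Actions
+##
+
+# The following group of options controls the delievery process under
+# different circumstances.
+# The following actions are available:
+# - Accept
+# The message is accepted for delievery
+# - Reject
+# Immediately refuse delievery (a 5xx error is returned to the peer)
+# - Defer
+# Return a temporary failure message (4xx) to the peer
+# - Blackhole (not available for OnFail)
+# Like Accept but the message is sent to oblivion
+# - Quarantine (not available for OnFail)
+# Like Accept but message is quarantined instead of being delivered
+#
+# NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ
+# For Postfix this causes the message to be placed on hold
+#
+# Action to be performed on clean messages (mostly useful for testing)
+# Default: Accept
+#OnClean Accept
+
+# Action to be performed on infected messages
+# Default: Quarantine
+#OnInfected Quarantine
+
+# Action to be performed on error conditions (this includes failure to
+# allocate data structures, no scanners available, network timeouts,
+# unknown scanner replies and the like)
+# Default: Defer
+#OnFail Defer
+
+# This option allows to set a specific rejection reason for infected messages
+# and it's therefore only useful together with "OnInfected Reject"
+# The string "%v", if present, will be replaced with the virus name.
+# Default: MTA specific
+#RejectMsg
+
+# If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an
+# "X-Virus-Status" headers will be attached to each processed message, possibly
+# replacing existing headers.
+# If it is set to Add, the X-Virus headers are added possibly on top of the
+# existing ones.
+# Note that while "Replace" can potentially break DKIM signatures, "Add" may
+# confuse procmail and similar filters.
+# Default: no
+#AddHeader Replace
+
+# When AddHeader is in use, this option allows to arbitrary set the reported
+# hostname. This may be desirable in order to avoid leaking internal names.
+# If unset the real machine name is used.
+# Default: disabled
+#ReportHostname my.mail.server.name
+
+# Execute a command (possibly searching PATH) when an infected message is found.
+# The following parameters are passed to the invoked program in this order:
+# virus name, queue id, sender, destination, subject, message id, message date.
+# Note #1: this requires MTA macroes to be available (see LogInfected below)
+# Note #2: the process is invoked in the context of clamav-milter
+# Note #3: clamav-milter will wait for the process to exit. Be quick or fork to
+# avoid unnecessary delays in email delievery
+# Default: disabled
+#VirusAction /usr/local/bin/my_infected_message_handler
+
+##
+## Logging options
+##
+
+# Uncomment this option to enable logging.
+# LogFile must be writable for the user running daemon.
+# A full path is required.
+#
+# Default: disabled
+#LogFile /var/log/clamav/clamav-milter.log
+
+# By default the log file is locked for writing - the lock protects against
+# running clamav-milter multiple times.
+# This option disables log file locking.
+#
+# Default: no
+#LogFileUnlock yes
+
+# Maximum size of the log file.
+# Value of 0 disables the limit.
+# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
+# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
+# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
+# rotation (the LogRotate option) will always be enabled.
+#
+# Default: 1M
+#LogFileMaxSize 2M
+
+# Log time with each message.
+#
+# Default: no
+#LogTime yes
+
+# Use system logger (can work together with LogFile).
+#
+# Default: no
+#LogSyslog yes
+
+# Specify the type of syslog messages - please refer to 'man syslog'
+# for facility names.
+#
+# Default: LOG_LOCAL6
+#LogFacility LOG_MAIL
+
+# Enable verbose logging.
+#
+# Default: no
+#LogVerbose yes
+
+# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
+# Default: no
+#LogRotate yes
+
+# This option allows to tune what is logged when a message is infected.
+# Possible values are Off (the default - nothing is logged),
+# Basic (minimal info logged), Full (verbose info logged)
+# Note:
+# For this to work properly in sendmail, make sure the msg_id, mail_addr,
+# rcpt_addr and i macroes are available in eom. In other words add a line like:
+# Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i
+# to your .cf file. Alternatively use the macro:
+# define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')
+# Postfix should be working fine with the default settings.
+#
+# Default: disabled
+#LogInfected Basic
+
+# This option allows to tune what is logged when no threat is found in a scanned message.
+# See LogInfected for possible values and caveats.
+# Useful in debugging but drastically increases the log size.
+# Default: disabled
+#LogClean Basic
+
+# This option affects the behaviour of LogInfected, LogClean and VirusAction
+# when a message with multiple recipients is scanned:
+# If SupportMultipleRecipients is off (the default)
+# then one single log entry is generated for the message and, in case the
+# message is determined to be malicious, the command indicated by VirusAction
+# is executed just once. In both cases only the last recipient is reported.
+# If SupportMultipleRecipients is on:
+# then one line is logged for each recipient and the command indicated
+# by VirusAction is also executed once for each recipient.
+#
+# Note: although it's probably a good idea to enable this option, the default value
+# is currently set to off for legacy reasons.
+# Default: no
+#SupportMultipleRecipients yes
+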
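Review bot: The one directive this sample actually sets, `ClamdSocket /var/run/clamav/clamd` on line 93, does not follow the syntax documented directly above it on lines 79-83 (`unix:path` or `tcp:host:port`), so clamav-milter may fail to parse it or never reach clamd. `ClamdSocket unix:/var/run/clamav/clamd` matches the documented form; the path should also be checked against the `LocalSocket` in the recipe's clamd.conf, which is not visible on this page. The file also leaves `Example` on line 6 active and the mandatory `MilterSocket` unset, so the milter cannot start until the recipe or the admin edits both; a short header comment saying so would help. When `MilterSocket` is enabled, a directory restricted to the milter and the MTA is safer than the world-writable `/tmp/clamav-milter.socket` example on line 20, combined with `MilterSocketGroup`, `MilterSocketMode 660` and `User clamav` so the daemon does not keep running as root.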