Maximum directory depth -
The maximum directory depth that the scanner will search; a value of 10-15 is recommended. (changing this may have an impact on scan performance)
Minimum file size -
The minimum file size in bytes for a file to be included in LMD scans. (changing this may have an impact on scan performance)
Maximum file size -
The maximum file size for a file to be included in LMD scans. Accepted value formats are b, k, M. When using the clamscan engine, the max_filesize will be dynamically set based on the largest known filesize from the MD5 hash signature file. (changing this may have an impact on scan performance)
Maximum byte depth -
The maximum byte depth that the scanner will search into a file's content. The default signature rules expect a depth size of at least 65536 bytes. (changing this may have an impact on scan performance)
Use named pipe instead of stdin -
Use a named pipe (FIFO) for passing file contents hex data instead of the stdin default; this gives improved performance and greater scanning depth. This is highly recommended and works on most systems. The hexfifo will be disabled automatically if for any reason it cannot be successfully utilized.
Maximum named pipe depth -
The maximum byte depth that the scanner will search into a file's content when using the named pipe (FIFO). The improved performance allows for a greater scan depth than the default scan_hexdepth value. (changing this may have an impact on scan performance)
Use ClamAV clamscan binary -
If installed, use the ClamAV clamscan binary as the default scan engine, which provides improved scan performance on large file sets. The clamscan engine is used in conjunction with native ClamAV signatures updated through freshclam, along with LMD signatures, providing additional detection capabilities.
Tmp directory paths -
Include the scanning of known temporary world-writable paths.
Default: /tmp /var/tmp /dev/shm
Allow non-root users access -
Allows non-root users to perform scans. This must be enabled when using mod_security2 upload scanning or if you want to allow users to perform scans. When enabled, this will populate "pub/" with user owned quarantine, session and temporary paths to facilitate scans.
Process CPU scheduling priority -
Process CPU scheduling (nice) priority level for scan operations. (-19 = high prio, 19 = low prio, default = 19)
Process IO scheduling priority -
Process IO scheduling (ionice) priority levels for scan operations. (0 = most favorable IO, 7 = least favorable IO)
CPU usage limit -
Set a hard limit on CPU usage for find and clam(d)scan processes. This requires the "cpulimit" binary to be available on the server. The values are expressed as relative percentage * N cores on system. An 8 CPU core system would accept values from 0 - 800, a 12 core system would accept 0 - 1200, etc.
Ignore files owned by root -
By design and in its common use case, LMD typically only scans user space paths, so it makes sense to ignore files that are root owned. It is recommended to leave this enabled for best performance.
Ignore users -
Ignore specific users from scans. This option should be used with care and is not ideal for ignoring false positives. Instead, you should use one of the ignore files.
Ignore groups -
Ignore specific groups from scans. This option should be used with care and is not ideal for ignoring false positives. Instead, you should use one of the ignore files.
Find timeout -
The maximum amount of time, in seconds, that the "find" file list generation will run before it is terminated. All "find" results up to the point of termination will be fully scanned. If performing a full scan of all user paths on a large server, it is reasonable to expect the find operation may take a long time to complete and as such this feature may interfere.
Export filelist -
The daily cron "find" operation performed by LMD detects recently created/modified user files. This "find" operation can be especially resource intensive and it may be desirable to persist the file list results so that other applications/tasks may make use of the results. When scan_export_filelist is enabled, the most recent result set will be saved to "/usr/local/maldetect/tmp/find_results.last".
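
The ranges and recommendations above can be checked mechanically against a configuration file. The following is an added example, not part of LMD: it parses key="value" lines and reports values that fall outside what the descriptions state. The option names other than scan_hexdepth are assumed from LMD's stock conf.maldet, and the sample configuration is constructed.

```python
import os
import re

# Constructed sample in conf.maldet's key="value" style. Option names other than
# scan_hexdepth are assumed from LMD's stock conf.maldet, not taken from this page.
SAMPLE_CONF = '''
scan_max_depth="40"
scan_hexdepth="16384"
scan_cpunice="19"
scan_ionice="9"
scan_cpulimit="900"
scan_ignore_user="backup"
# scan_ignore_group="staff"
'''

def parse_conf(text):
    """Return {option: value} from key="value" lines; comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_]\w*)=(["\']?)(.*?)\2\s*(?:#.*)?$', line)
        if m:
            conf[m.group(1)] = m.group(3)
    return conf

def audit(conf, cores):
    """Return (option, message) pairs for values outside the documented ranges."""
    findings = []

    def check(key, ok, msg):
        value = conf.get(key, "")
        if re.fullmatch(r"-?\d+", value) and not ok(int(value)):
            findings.append((key, f"{value}: {msg}"))

    check("scan_max_depth", lambda v: 10 <= v <= 15, "recommended depth is 10-15")
    check("scan_hexdepth", lambda v: v >= 65536, "default signatures expect >= 65536")
    check("scan_cpunice", lambda v: -19 <= v <= 19, "nice level must be -19..19")
    check("scan_ionice", lambda v: 0 <= v <= 7, "ionice level must be 0..7")
    check("scan_cpulimit", lambda v: 0 <= v <= 100 * cores, f"range is 0-{100 * cores}")
    for key in ("scan_ignore_user", "scan_ignore_group"):
        if conf.get(key):  # a blanket exclusion is a detection gap, not an FP fix
            findings.append((key, f"{conf[key]}: excluded from scans, prefer ignore files"))
    return findings

if __name__ == "__main__":
    for key, msg in audit(parse_conf(SAMPLE_CONF), os.cpu_count() or 1):
        print(f"{key} = {msg}")
```

The CPU limit check depends on the core count of the host being audited, so the same value of 900 is rejected on an 8 core system and accepted on a 12 core one.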