Antivirus Settings

Pid file - PidFile
Save a process identifier of the listening daemon (main thread).
Default: /var/run/clamd.scan/

Temporary directory - TemporaryDirectory
Path to the global temporary directory.
Default: /var/tmp

Database directory - DatabaseDirectory
Path to the database directory.
Default: /var/lib/clamav

Official database only - OfficialDatabaseOnly
Only load the official signatures published by the ClamAV project.
Default: no

Local socket - LocalSocket
Path to a local socket file the daemon will listen on.
Default: /var/run/clamd.scan/clamd.sock

Local socket group - LocalSocketGroup
Sets the group ownership on the unix socket.
Default: clamscan

Local socket mode - LocalSocketMode
Sets the permissions on the unix socket to the specified mode.
Default: 666

Fix stale socket - FixStaleSocket
Remove stale socket after unclean shutdown.
Default: yes

TCP socket - TCPSocket
The TCP port address.
Default: empty

TCP addr - TCPAddr
The TCP address.
Default: empty

Max connection queue length - MaxConnectionQueueLength
Maximum length the queue of pending connections may grow to.
Default: 200

Stream max length - StreamMaxLength
Close the connection when the data size limit is exceeded. The value should match your MTAs limit for a maximum attachment size.
Default: 25M

Stream min port - StreamMinPort
Limit port range.
Default: 1024

Stream max port - StreamMaxPort
Limit port range.
Default: 2048

Max threads - MaxThreads
Maximum number of threads running at the same time.
Default: 10

Read timeout - ReadTimeout
Waiting for data from a client socket will timeout after this time. (seconds)
Default: 120

Command read timeout - CommandReadTimeout
The time after which the antivirus daemon should timeout if a client does not provide any initial command after connecting. (seconds)
Default: 5

Send Bufber timeout - SendBufTimeout
How long to wait if the send buffer is full. (milliseconds)
Default: 500

Max queue - MaxQueue
Maximum number of queued items (including those being processed by MaxThreads threads). It is recommended to have this value at least twice MaxThreads if possible.
Default: 100

Idle timeout - IdleTimeout
Waiting for a new job will timeout after this time. (seconds)
Default: 30

Exclude path - ExcludePath
Do not scan files and directories matching this regex.
Default: ^/proc/ ^/sys/ /usr/share/doc/clamav-*/test/

Max directory recursion - MaxDirectoryRecursion
Maximum depth directories are scanned at.
Default: 15

Follow directory symlinks - FollowDirectorySymlinks
Follow directory symlinks.
Default: no

Follow file symlinks - FollowFileSymlinks
Follow regular file symlinks.
Default: no

Cross file systems - CrossFilesystems
Scan files and directories on other filesystems.
Default: yes

Self check - SelfCheck
Perform a database check.
Default: 600

Virus event - VirusEvent
Execute a command when virus is found. In the command string %v will be replaced with the virus name.
Default: no

User - User
Run as another user (The antivirus daemon must be started by root).
Default: clamscan

Allow supplementary groups - AllowSupplementaryGroups
Initialize supplementary group access (The antivirus daemon must be started by root).
Default: yes

Exit on out of memory condition - ExitOnOOM
Stop daemon when libclamav reports out of memory condition.
Default: no

Foreground - Foreground
Do not fork into background.
Default: no

Debug - Debug
Enable debug messages in libclamav.
Default: no

Leave temporary files - LeaveTemporaryFiles
Do not remove temporary files (for debug purposes).
Default: no

Allow all match scan - AllowAllMatchScan
Permit use of the ALLMATCHSCAN command.
Default: yes

Detect possible unwanted apps - DetectPUA
Detect possibly unwanted applications.
Default: no

Exclude possible unwanted apps - ExcludePUA
Exclude a specific possibly unwanted application category.
Default: empty

Include possible unwanted apps - IncludePUA
Only include a specific possibly unwanted application category.
Default: empty

Algorithmic detection - AlgorithmicDetection
In some cases (eg. complex malware, exploits in graphic files, and others, the antivirus uses special algorithms to provide accurate detection. This option controls the algorithmic detection.
Default: yes

Force to disk - ForceToDisk
Force memory or nested map scans to dump the content to disk. More data is written to disk and is available when the LeaveTemporaryFiles option is enabled.
Default: no

Disable cache - DisableCache
Disable the caching feature of the engine. By default, the engine will store an MD5 in a cache of any files that are not flagged as virus or that hit limits checks. Disabling the cache will have a negative performance impact on large scans.
Default: no

Log Settings

LogFile - LogFile
The log file must be writable for the user running daemon. A full path is required.
Default: /var/log/clamd.scan

LogFileUnlock - LogFileUnlock
Disable log file locking.
Default: no

LogFileMaxSize - LogFileMaxSize
Maximum size of the log file. A value of 0 disabled the limit. You may use M/m for megabytes or K/k for kilobytes. To specify the size in bytes just do not use modifiers. If LogFileMaxSize is enabled log rotation (the LogRotate option) will always be enabled.
Default: 1M

LogTime - LogTime
Log the time with each message.
Default: yes

LogClean - LogClean
Also log clean files. Useful in debugging but drastically increases the log size.
Default: no

LogSyslog - LogSyslog
Use the system logger. This can work together with LogFile.
Default: yes

LogFacility - LogFacility
Specify the type of syslog messages - please refer to "man syslog"
Default: LOG_LOCAL6

LogVerbose - LogVerbose
Enable verbose logging.
Default: no

LogRotate - LogRotate
Enable log rotation. Always enabled when LogFileMaxSize is enabled.
Default: no

ExtendedDetectionInfo - ExtendedDetectionInfo
Log additional information about the infected file, such as its size and hash, together with the virus name.
Default: no