Milter Settings

Milter socket - MilterSocket
The interface through which we communicate with postfix.
unix:/path/to/file - to specify a unix domain socket.
inet:port@[hostname|ip-address] - to specify an ipv4 socket.
inet6:port@[hostname|ip-address] - to specify an ipv6 socket.
Default: unix:/var/run/clamav-milter/clamav-milter.sock

Milter socket group - MilterSocketGroup
The group ownership for the (unix) milter socket.
Default: postfix

Milter socket mode - MilterSocketMode
The permissions on the (unix) milter socket to the specified mode.
Default: 666

Fix stale socket - FixStaleSocket
Remove stale socket after unclean shutdown.
Default: yes

User - User
Run as another user (clamav-milter must be started by root for this option to work).
Default: clamilt

Allow supplementary groups - AllowSupplementaryGroups
Initialize supplementary group access (clamav-milter must be started by root).
Default: yes

Read timeout - ReadTimeout
Waiting for data from clamd will timeout after this time (seconds).
Default: 120

Foreground - Foreground
Do not fork into background.
Default: no

Pid file - PidFile
Save a process identifier of the listening daemon (main thread).
Default: /var/run/clamav-milter/

Temporary directory - TemporaryDirectory
Optional path to the global temporary directory.
Default: /var/tmp

Clamd socket - ClamdSocket
The clamd socket to connect to for scanning.
Default: unix:/var/run/clamd.scan/clamd.sock

Local nets - LocalNet
Messages originating from these hosts/networks will not be scanned.
Default: empty

Whitelist - Whitelist
Path to filename that excludes senders or recipients from anti-virus scanning.
Default: /etc/mail/clamav-milter-whitelist.conf

SkipAuthenticated - SkipAuthenticated
Path to filename that excludes authenticated senders from anti-virus scanning.
Default: file:/etc/mail/clamav-milter-skipauthenticated.conf

Max file size - MaxFileSize
Messages larger than this value will not be scanned. Make sure this value is lower or equal than StreamMaxLength in clamd.conf
Default: 25M

On clean - OnClean
Action to be performed on clean messages (mostly useful for testing).
Default: Accept

On infected - OnInfected
Action to be performed on infected messages.
Default: Reject

On fail - OnFail
Action to be performed on error conditions (this includes failure to allocate data structures, no scanners available, network timeouts, unknown scanner replies and the like).
Default: Defer

Reject message - RejectMsg
Set a specific rejection reason for infected messages. Only useful together with "OnInfected Reject". The string "%v", if present, will be replaced with the virus name.
Default: "REJECT - AntiVirus detected: %v"

Add header - AddHeader
If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an "X-Virus-Status" headers will be attached to each processed message, possibly replacing existing headers. If it is set to Add, the X-Virus headers are added possibly on top of the existing ones. Note that while "Replace" can potentially break DKIM signatures, "Add" may confuse procmail and similar filters.
Default: no

Report hostname - ReportHostname
When AddHeader is in use, this option allows to arbitrary set the reported hostname. This may be desirable in order to avoid leaking internal names. If unset the real machine name is used.
Default: empty

Virus action - VirusAction
Execute a command when an infected message is found.
Default: /usr/local/psa/admin/htdocs/warden/application/scripts/virus_action.php

Related Pages