Antivirus Settings

Pid file - PidFile
Save a process identifier of the listening daemon (main thread).
Default: /var/run/clamd.scan/clamd.pid

Temporary directory - TemporaryDirectory
Path to the global temporary directory.
Default: /var/tmp

Database directory - DatabaseDirectory
Path to the database directory.
Default: /var/lib/clamav

Official database only - OfficialDatabaseOnly
Only load the official signatures published by the ClamAV project.
Default: no

Local socket - LocalSocket
Path to a local socket file the daemon will listen on.
Default: /var/run/clamd.scan/clamd.sock

Local socket group - LocalSocketGroup
Sets the group ownership on the unix socket.
Default: clamscan

Local socket mode - LocalSocketMode
Sets the permissions on the unix socket to the specified mode.
Default: 666

Fix stale socket - FixStaleSocket
Remove stale socket after unclean shutdown.
Default: yes

TCP socket - TCPSocket
The TCP port address.
Default: empty

TCP addr - TCPAddr
The TCP address.
Default: empty

Max connection queue length - MaxConnectionQueueLength
Maximum length the queue of pending connections may grow to.
Default: 200

Stream max length - StreamMaxLength
Close the connection when the data size limit is exceeded. The value should match your MTAs limit for a maximum attachment size.
Default: 25M

Stream min port - StreamMinPort
Limit port range.
Default: 1024

Stream max port - StreamMaxPort
Limit port range.
Default: 2048

Max threads - MaxThreads
Maximum number of threads running at the same time.
Default: 10

Read timeout - ReadTimeout
Waiting for data from a client socket will timeout after this time. (seconds)
Default: 120

Command read timeout - CommandReadTimeout
The time after which the antivirus daemon should timeout if a client does not provide any initial command after connecting. (seconds)
Default: 5

Send Bufber timeout - SendBufTimeout
How long to wait if the send buffer is full. (milliseconds)
Default: 500

Max queue - MaxQueue
Maximum number of queued items (including those being processed by MaxThreads threads). It is recommended to have this value at least twice MaxThreads if possible.
Default: 100

Idle timeout - IdleTimeout
Waiting for a new job will timeout after this time. (seconds)
Default: 30

Exclude path - ExcludePath
Do not scan files and directories matching this regex.
Default: ^/proc/ ^/sys/ /usr/share/doc/clamav-*/test/

Max directory recursion - MaxDirectoryRecursion
Maximum depth directories are scanned at.
Default: 15

Follow directory symlinks - FollowDirectorySymlinks
Follow directory symlinks.
Default: no

Follow file symlinks - FollowFileSymlinks
Follow regular file symlinks.
Default: no

Cross file systems - CrossFilesystems
Scan files and directories on other filesystems.
Default: yes

Self check - SelfCheck
Perform a database check.
Default: 600

Virus event - VirusEvent
Execute a command when virus is found. In the command string %v will be replaced with the virus name.
Default: no

User - User
Run as another user (The antivirus daemon must be started by root).
Default: clamscan

Allow supplementary groups - AllowSupplementaryGroups
Initialize supplementary group access (The antivirus daemon must be started by root).
Default: yes

Exit on out of memory condition - ExitOnOOM
Stop daemon when libclamav reports out of memory condition.
Default: no

Foreground - Foreground
Do not fork into background.
Default: no

Debug - Debug
Enable debug messages in libclamav.
Default: no

Leave temporary files - LeaveTemporaryFiles
Do not remove temporary files (for debug purposes).
Default: no

Allow all match scan - AllowAllMatchScan
Permit use of the ALLMATCHSCAN command.
Default: yes

Detect possible unwanted apps - DetectPUA
Detect possibly unwanted applications.
Default: no

Exclude possible unwanted apps - ExcludePUA
Exclude a specific possibly unwanted application category.
Default: empty

Include possible unwanted apps - IncludePUA
Only include a specific possibly unwanted application category.
Default: empty

Algorithmic detection - AlgorithmicDetection
In some cases (eg. complex malware, exploits in graphic files, and others, the antivirus uses special algorithms to provide accurate detection. This option controls the algorithmic detection.
Default: yes

Force to disk - ForceToDisk
Force memory or nested map scans to dump the content to disk. More data is written to disk and is available when the LeaveTemporaryFiles option is enabled.
Default: no

Disable cache - DisableCache
Disable the caching feature of the engine. By default, the engine will store an MD5 in a cache of any files that are not flagged as virus or that hit limits checks. Disabling the cache will have a negative performance impact on large scans.
Default: no

Heuristic alerts - HeuristicAlerts
In some cases (eg. complex malware, exploits in graphic files, and others, the antivirus uses special algorithms to provide accurate detection. This option enables alerting on such heuristically detected potential threats.
Default: no