Scanning Settings

Heuristic Alerts

Heuristic alerts - HeuristicAlerts
In some cases (e.g. complex malware, exploits in graphic files, and others), the antivirus uses special algorithms to provide accurate detection. This option enables alerting on such heuristically detected potential threats.
Default: yes

Heuristic scan precedence - HeuristicScanPrecedence
Allow heuristic matches to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phish, the scan stops immediately. Recommended, as it saves CPU scan time. When disabled, a virus/phish detected by heuristic scans is reported only at the end of the scan. If an archive contains both a heuristically detected virus/phish and real malware, the real malware is reported. Keep this disabled if you intend to handle ".Heuristics." viruses differently from "real" malware.
Default: no
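An added example (not part of the original page or of ClamAV) of handling ".Heuristics." detections differently from signature matches, which is the use case for leaving HeuristicScanPrecedence disabled. It assumes the scanner's report lines have the form "<path>: <signature> FOUND"; the paths, the non-heuristic signature name and the two actions are constructed for illustration.

```python
import re

# One line per detection in the scan report: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def is_heuristic(sig):
    """True when a dot-separated component of the signature name is 'Heuristics'."""
    return "Heuristics" in sig.split(".")


def triage(report_lines):
    """Split detections into signature matches and heuristic-only matches."""
    result = {"signature": [], "heuristic": []}
    for line in report_lines:
        m = FOUND_RE.match(line.strip())
        if not m:
            continue  # "OK" lines, summary lines, errors
        bucket = "heuristic" if is_heuristic(m["sig"]) else "signature"
        result[bucket].append((m["path"], m["sig"]))
    return result


# Constructed sample report (paths and Example.Malware.Test-1 are made up).
SAMPLE = """\
/srv/mail/in/1001.eml: OK
/srv/mail/in/1002.doc: Heuristics.OLE2.ContainsMacros FOUND
/srv/mail/in/1003.zip: Example.Malware.Test-1 FOUND
/srv/mail/in/1004.eml: Phishing.Heuristics.Email.SpoofedDomain FOUND
----------- SCAN SUMMARY -----------
Infected files: 3
""".splitlines()

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        # Hypothetical policy: hold heuristic hits for review, reject the rest.
        action = "quarantine for review" if kind == "heuristic" else "reject"
        for path, sig in hits:
            print(f"{action:22} {path}  ({sig})")
```

With precedence enabled, an archive that holds both a heuristic hit and real malware can be reported under the heuristic name only, so this split is reliable only while the option stays at its default.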

Alert broken executables - AlertBrokenExecutables
With this option ClamAV will try to detect broken executables (both PE and ELF) and alert on them with the Broken.Executable heuristic signature.
Default: no

Alert broken media - AlertBrokenMedia
Detect broken media files (JPEG, TIFF, PNG, GIF) and alert on them with a Broken.Media heuristic signature.
Default: no

Alert encrypted - AlertEncrypted
Alert on encrypted archives and documents with heuristic signature (encrypted .zip, .7zip, .rar, .pdf).
Default: no

Alert encrypted archive - AlertEncryptedArchive
Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip, .rar).
Default: no

Alert encrypted doc - AlertEncryptedDoc
Alert on encrypted documents with heuristic signature (encrypted .pdf).
Default: no

Alert OLE2 macros - AlertOLE2Macros
Alert on OLE2 files containing VBA macros. Files that were not detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
Default: no

Alert phishing cloak - AlertPhishingCloak
Alert on cloaked URLs, even if URL is not in the database. This can lead to false positives.
Default: no

Alert phishing SSL mismatch - AlertPhishingSSLMismatch
Alert on SSL mismatches in URLs, even if the URL is not in the database. This can lead to false positives.
Default: no

Alert partition intersection - AlertPartitionIntersection
Alert on raw DMG image files containing partition intersections.
Default: no

Executable Files

Scan portable executable files - ScanPE
PE stands for Portable Executable - it is an executable file format used in all 32 and 64-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it is also required for decompression of popular executable packers such as UPX, FSG, and Petite. If you turn off this option, the original files will still be scanned, but without additional processing.
Default: yes

Disable cert check - DisableCertCheck
Certain PE files contain an Authenticode signature. By default, we check the signature chain in the PE file against a database of trusted and revoked certificates if the file being scanned is marked as a virus. If any certificate in the chain validates against any trusted root, but does not match any revoked certificate, the file is marked as whitelisted. If the file does match a revoked certificate, the file is marked as a virus. The following setting completely turns off Authenticode verification.
Default: no

Scan ELF files - ScanELF
Executable and Linking Format is a standard format for UN*X executables. This option allows you to control the scanning of ELF files. If you turn off this option, the original files will still be scanned, but without additional processing.
Default: yes

Documents

Scan OLE2 files - ScanOLE2
Enable scanning of OLE2 files, such as Microsoft Office documents and .msi files. If you turn off this option, the original files will still be scanned, but without additional processing.
Default: yes

Scan PDFs - ScanPDF
Enable scanning within PDF files. If you turn off this option, the original files will still be scanned, but without decoding and additional processing.
Default: yes

Scan SWFs - ScanSWF
Enables scanning within SWF files. If you turn off this option, the original files will still be scanned, but without decoding and additional processing.
Default: yes

Scan XMLDOCS - ScanXMLDOCS
Enables scanning of XML-based document files supported by libclamav. If you turn off this option, the original files will still be scanned, but without additional processing.
Default: yes

Scan HWP3 - ScanHWP3
Enables scanning of HWP3 files. If you turn off this option, the original files will still be scanned, but without additional processing.
Default: yes

Mail Files

Scan mail - ScanMail
Enable internal e-mail scanner. If you turn off this option, the original files will still be scanned, but without parsing individual messages/attachments.
Default: yes

Scan partial messages - ScanPartialMessages
Scan RFC1341 messages split over many emails. You will need to periodically clean up the $TemporaryDirectory/clamav-partial directory. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
Default: no

Phishing signatures - PhishingSignatures
Try to detect phishing attempts by using signatures.
Default: yes

Phishing scan URLs - PhishingScanURLs
Scan URLs found in mails for phishing attempts using heuristics.
Default: yes

Data Loss Prevention

Structured data detection - StructuredDataDetection
Enable the data loss prevention module.
Default: no

Structured min credit card count - StructuredMinCreditCardCount
Set the lowest number of credit card numbers found in a file to generate a detection.
Default: 3

Structured min SSN count - StructuredMinSSNCount
Set the lowest number of social security numbers found in a file to generate a detection.
Default: 3

Structured SSN format normal - StructuredSSNFormatNormal
Search for valid SSNs formatted as xxx-yy-zzzz.
Default: yes

Structured SSN format stripped - StructuredSSNFormatStripped
Search for valid SSNs formatted as xxxyyzzzz.
Default: no

HTML

Scan HTML - ScanHTML
Perform HTML normalisation and decryption of MS Script Encoder code. If you turn off this option, the original files will still be scanned, but without additional processing.
Default: yes

Archives

Scan archive - ScanArchive
Scan within archives and compressed files. If you turn off this option, the original files will still be scanned, but without unpacking and additional processing.
Default: yes
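An added example (not part of the original page or of ClamAV) that audits a configuration against the defaults listed above and attaches the page's own caveat to each deviation. It assumes the directives are written one per line as "Directive value" with "#" comment lines; the sample configuration is constructed and only a subset of the directives is covered.

```python
# Defaults as listed on this page (subset).
PAGE_DEFAULTS = {
    "HeuristicAlerts": "yes", "HeuristicScanPrecedence": "no",
    "ScanPE": "yes", "DisableCertCheck": "no", "ScanELF": "yes",
    "ScanOLE2": "yes", "ScanPDF": "yes", "ScanMail": "yes",
    "ScanPartialMessages": "no", "ScanHTML": "yes", "ScanArchive": "yes",
    "StructuredDataDetection": "no", "StructuredMinCreditCardCount": "3",
}
# Deviations for which the page gives a specific caveat.
NOTES = {
    "ScanPartialMessages": "page warns of DoS exposure; clean up clamav-partial",
    "DisableCertCheck": "Authenticode verification is turned off completely",
}


def parse_conf(text):
    """Parse 'Directive value' lines, skipping blank lines and # comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip().lower() if len(parts) > 1 else ""
    return conf


def audit(text):
    """Return (directive, configured, default, note) for each non-default value."""
    findings = []
    for name, value in parse_conf(text).items():
        default = PAGE_DEFAULTS.get(name)
        if default is None or value == default:
            continue  # directive not covered here, or left at its default
        note = NOTES.get(name)
        if note is None and name.startswith("Scan") and value == "no":
            note = "files still scanned, but without additional processing"
        findings.append((name, value, default, note or "differs from default"))
    return findings


# Constructed sample configuration.
SAMPLE_CONF = """\
# scanning options
ScanPE yes
ScanArchive no
ScanPartialMessages yes
DisableCertCheck yes
StructuredMinCreditCardCount 5
"""
```

Calling `audit(SAMPLE_CONF)` returns four findings; `ScanPE` is omitted because it matches the documented default.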
