Milter Settings

Milter socket - MilterSocket
The interface through which we communicate with postfix.
unix:/path/to/file - to specify a unix domain socket.
inet:port@[hostname|ip-address] - to specify an ipv4 socket.
inet6:port@[hostname|ip-address] - to specify an ipv6 socket.
Default: unix:/var/run/clamav-milter/clamav-milter.sock

Milter socket group - MilterSocketGroup
The group ownership for the (unix) milter socket.
Default: postfix

Milter socket mode - MilterSocketMode
The permissions on the (unix) milter socket to the specified mode.
Default: 666

Fix stale socket - FixStaleSocket
Remove stale socket after unclean shutdown.
Default: yes

User - User
Run as another user (clamav-milter must be started by root for this option to work).
Default: clamilt

Allow supplementary groups - AllowSupplementaryGroups
Initialize supplementary group access (clamav-milter must be started by root).
Default: yes

Read timeout - ReadTimeout
Waiting for data from clamd will timeout after this time (seconds).
Default: 120

Foreground - Foreground
Do not fork into background.
Default: no

Pid file - PidFile
Save a process identifier of the listening daemon (main thread).
Default: /var/run/clamav-milter/

Temporary directory - TemporaryDirectory
Optional path to the global temporary directory.
Default: /var/tmp

Clamd socket - ClamdSocket
The clamd socket to connect to for scanning.
Default: unix:/var/run/clamd.scan/clamd.sock

Local nets - LocalNet
Messages originating from these hosts/networks will not be scanned.
Default: empty

Whitelist - Whitelist
Path to filename that excludes senders or recipients from anti-virus scanning.
Default: /etc/mail/clamav-milter-whitelist.conf

SkipAuthenticated - SkipAuthenticated
Path to filename that excludes authenticated senders from anti-virus scanning.
Default: file:/etc/mail/clamav-milter-skipauthenticated.conf

Max file size - MaxFileSize
Messages larger than this value will not be scanned. Make sure this value is lower or equal than StreamMaxLength in clamd.conf
Default: 25M

On clean - OnClean
Action to be performed on clean messages (mostly useful for testing).
Default: Accept

On infected - OnInfected
Action to be performed on infected messages.
Default: Reject

On fail - OnFail
Action to be performed on error conditions (this includes failure to allocate data structures, no scanners available, network timeouts, unknown scanner replies and the like).
Default: Defer

Reject message - RejectMsg
Set a specific rejection reason for infected messages. Only useful together with "OnInfected Reject". The string "%v", if present, will be replaced with the virus name.
Default: "REJECT - AntiVirus detected: %v"

Add header - AddHeader
If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an "X-Virus-Status" headers will be attached to each processed message, possibly replacing existing headers. If it is set to Add, the X-Virus headers are added possibly on top of the existing ones. Note that while "Replace" can potentially break DKIM signatures, "Add" may confuse procmail and similar filters.
Default: no

Report hostname - ReportHostname
When AddHeader is in use, this option allows to arbitrary set the reported hostname. This may be desirable in order to avoid leaking internal names. If unset the real machine name is used.
Default: empty

Virus action - VirusAction
Execute a command when an infected message is found.
Default: /usr/local/psa/admin/htdocs/warden/application/scripts/virus_action.php

Log Settings

Log file - LogFile
The log file must be writable for the user running daemon. A full path is required.
Default: /var/log/clamav-milter.log

Log File unlock - LogFileUnlock
Disables log file locking. By default the log file is locked for writing - the lock protects against running clamav-milter multiple times.
Default: no

Log file max size - LogFileMaxSize
Maximum size of the log file. A value of 0 disabled the limit. You may use M/m for megabytes or K/k for kilobytes. To specify the size in bytes just do not use modifiers. If LogFileMaxSize is enabled log rotation (the LogRotate option) will always be enabled.
Default: 1M

Log time - LogTime
Log the time with each message.
Default: yes

Log syslog - LogSyslog
Use the system logger. This can work together with LogFile.
Default: yes

Log facility - LogFacility
Specify the type of syslog messages - please refer to "man syslog"
Default: LOG_LOCAL6

Log verbose - LogVerbose
Enable verbose logging.
Default: no

Log rotate - LogRotate
Enable log rotation. Always enabled when LogFileMaxSize is enabled. Full (verbose info logged).
Default: yes

Log infected - LogInfected
Tune what is logged when a message is infected. Basic (minimal info logged)
Default: Basic

Log clean - LogClean
Tune what is logged when no threat is found in a scanned message. Useful in debugging but drastically increases the log size.
Default: Basic

Support multiple recipients - SupportMultipleRecipients
This option affects the behaviour of LogInfected, LogClean and VirusAction when a message with multiple recipients is scanned: If SupportMultipleRecipients is off (the default) then one single log entry is generated for the message and, in case the message is determined to be malicious, the command indicated by VirusAction is executed just once. In both cases only the last recipient is reported. If SupportMultipleRecipients is on: then one line is logged for each recipient and the command indicated by VirusAction is also executed once for each recipient.
Default: yes

Related Pages