Milter socket -
The interface through which we communicate with postfix.
unix:/path/to/file - to specify a unix domain socket.
inet:port@[hostname|ip-address] - to specify an ipv4 socket.
inet6:port@[hostname|ip-address] - to specify an ipv6 socket.
Milter socket group -
The group ownership for the (unix) milter socket.
Milter socket mode -
The permissions on the (unix) milter socket to the specified mode.
Fix stale socket -
Remove stale socket after unclean shutdown.
Run as another user (clamav-milter must be started by root for this option to work).
Allow supplementary groups -
Initialize supplementary group access (clamav-milter must be started by root).
Read timeout -
Waiting for data from clamd will timeout after this time (seconds).
Do not fork into background.
Pid file -
Save a process identifier of the listening daemon (main thread).
Temporary directory -
Optional path to the global temporary directory.
Clamd socket -
The clamd socket to connect to for scanning.
Local nets -
Messages originating from these hosts/networks will not be scanned.
Path to filename that excludes senders or recipients from anti-virus scanning.
Path to filename that excludes authenticated senders from anti-virus scanning.
Max file size -
Messages larger than this value will not be scanned. Make sure this value is lower or equal than StreamMaxLength in clamd.conf
On clean -
Action to be performed on clean messages (mostly useful for testing).
On infected -
Action to be performed on infected messages.
On fail -
Action to be performed on error conditions (this includes failure to allocate data structures, no scanners available, network timeouts, unknown scanner replies and the like).
Reject message -
Set a specific rejection reason for infected messages. Only useful together with "OnInfected Reject". The string "%v", if present, will be replaced with the virus name.
Default: "REJECT - AntiVirus detected: %v"
Add header -
If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an "X-Virus-Status" headers will be attached to each processed message, possibly replacing existing headers. If it is set to Add, the X-Virus headers are added possibly on top of the existing ones. Note that while "Replace" can potentially break DKIM signatures, "Add" may confuse procmail and similar filters.
Report hostname -
When AddHeader is in use, this option allows to arbitrary set the reported hostname. This may be desirable in order to avoid leaking internal names. If unset the real machine name is used.
Virus action -
Execute a command when an infected message is found.
Log file -
The log file must be writable for the user running daemon. A full path is required.
Log File unlock -
Disables log file locking. By default the log file is locked for writing - the lock protects against running clamav-milter multiple times.
Log file max size -
Maximum size of the log file. A value of 0 disabled the limit. You may use M/m for megabytes or K/k for kilobytes. To specify the size in bytes just do not use modifiers. If LogFileMaxSize is enabled log rotation (the LogRotate option) will always be enabled.
Log time -
Log the time with each message.
Log syslog -
Use the system logger. This can work together with LogFile.
Log facility -
Specify the type of syslog messages - please refer to "man syslog"
Log verbose -
Enable verbose logging.
Log rotate -
Enable log rotation. Always enabled when LogFileMaxSize is enabled. Full (verbose info logged).
Log infected -
Tune what is logged when a message is infected. Basic (minimal info logged)
Log clean -
Tune what is logged when no threat is found in a scanned message. Useful in debugging but drastically increases the log size.
Support multiple recipients -
This option affects the behaviour of
VirusAction when a message with multiple recipients is
SupportMultipleRecipients is off (the default) then one single log entry is generated for the message and,
in case the message is determined to be malicious, the command indicated by VirusAction is executed just once. In both
cases only the last recipient is reported. If
SupportMultipleRecipients is on: then one line is logged for each
recipient and the command indicated by VirusAction is also executed once for each recipient.