Configuration Parameters

Top  Previous  Next

The component uses configuration parameters which are specified in the [ClamD] section of the integrated configuration file of Dr.Web for UNIX Internet Gateways.

The section contains the following parameters:

LogLevel

{logging level}

Logging level of the component.

If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value: Notice

Log

{log type}

Logging method

ExePath

{path to file}

Path to the executable file of the component.

Default value: <opt_dir>/bin/drweb-clamd

For Linux, Solaris: /opt/drweb.com/bin/drweb-clamd

For FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-clamd

Start

{Boolean}

The component must be launched by the Dr.Web ConfigD configuration daemon.

When you specify the Yes value for this parameter, it instructs the configuration daemon to start the component immediately; and when you specify the No value, it instructs the configuration daemon to terminate the component immediately.

Default value: No

Endpoint.<tag>.ClamdSocket

{IP address | UNIX socket}

Defines a new connection point naming it <tag> and allocates a socket (IPv4 address or address of a UNIX socket) for clients that need to check files for threats.

Only one socket can be specified for one <tag> point.

Default value: (not specified)

[Endpoint.<tag>.]DetectSuspicious

{Boolean}

Inform about suspicious files detected by the heuristic analyzer.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: Yes

[Endpoint.<tag>.]DetectAdware

{Boolean}

Inform about files containing adware.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: Yes

[Endpoint.<tag>.]DetectDialers

{Boolean}

Inform about files containing dialers.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: Yes

[Endpoint.<tag>.]DetectJokes

{Boolean}

Inform about files containing jokes.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: No

[Endpoint.<tag>.]DetectRiskware

{Boolean}

Inform about files containing riskware.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: No

[Endpoint.<tag>.]DetectHacktools

{Boolean}

Inform about files containing hacktools.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: No

[Endpoint.<tag>.]ReadTimeout

{time interval}

Sets the maximum time to wait for data from a client.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: 5s

[Endpoint.<tag>.]StreamMaxLength

{size}

Sets the maximum size of data that can be received from a client (for transmitting data to scan as a stream of bytes).

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: 25mb

[Endpoint.<tag>.]ScanTimeout

{time interval}

Sets the maximum time to scan one file (or one portion of data) received from a client.

A value in the range from 1s to 1h can be specified

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: 3m

[Endpoint.<tag>.]HeuristicAnalysis

{On | Off}

Indicates whether heuristic analysis is used for scanning.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: On

[Endpoint.<tag>.]PackerMaxLevel

{integer}

Sets the maximum nesting level of packed objects that can be scanned.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: 8

[Endpoint.<tag>.]ArchiveMaxLevel

{integer}

Sets the maximum nesting level of archives that can be scanned.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: 8

[Endpoint.<tag>.]MailMaxLevel

{integer}

Sets the maximum nesting level of mail files that can be scanned.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: 8

[Endpoint.<tag>.]ContainerMaxLevel

{integer}

Sets the maximum nesting level of objects in containers that can be scanned.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

If the Endpoint.<tag> prefix is specified, it means that the parameter’s value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.

Default value: 8

[Endpoint.<tag>.]MaxCompressionRatio

{integer}

Sets the maximum allowed compression ratio of compressed/packed objects (ratio between the uncompressed size and the compressed size). If the ratio of an object exceeds the limit, this object will be skipped during the scanning.

The compression ratio must not be smaller than 2.

Default value: 500

Special Aspects of Component Configuration

Parameters marked with an optional Endpoint.<tag> prefix can be grouped. Each group defines a unique connection point (endpoint) that can be used by clients to connect to the component and has a unique <tag> identifier assigned to it. All the scanning parameters belonging to the same group define the settings that are applicable only when data is scanned for the clients connected to the corresponding connection point. If a parameter is specified without an Endpoint.<tag>, prefix, this sets the value for all connection points. If you delete some parameter from some connection point, then instead of reverting to the program’s hard-coded default value for this parameter, the program will use the current value of the corresponding “parent” parameter of the same name (set without the Endpoint.<tag> prefix).

The ClamdSocket parameter must always be specified with an Endpoint.<tag> prefix, as it defines both a listening socket and a group (connection point) to which this socket corresponds.

Example:

Let us assume that we need to set up two connection points for two groups of external applications (servers) — let the groups be called servers1 and servers2. And the servers from the servers1 group can connect through a UNIX socket, whereas the servers form the servers2 group can connect via a network connection. Moreover, let us assume that heuristic analysis must be disabled by default, but must be used for servers from the servers2 group. The following example shows how to configure this:

1)In the configuration file:

[ClamD]
HeuristicAnalysis = Off
 
[ClamD.Endpoint.servers1]
ClamdSocket = /tmp/srv1.socket
 
[ClamD.Endpoint.servers2]
ClamdSocket = 127.0.0.1:1234
HeuristicAnalysis = On

2)For command-line-based management tool Dr.Web Ctl:

# drweb-ctl cfset ClamD.HeuristicAnalysis Off
# drweb-ctl cfset ClamD.Endpoint -a servers1
# drweb-ctl cfset ClamD.Endpoint -a servers2
# drweb-ctl cfset ClamD.Endpoint.servers1.ClamdSocket /tmp/srv1.socket
# drweb-ctl cfset ClamD.Endpoint.servers2.ClamdSocket 127.0.0.1:1234
# drweb-ctl cfset ClamD.Endpoint.servers2.HeuristicAnalysis On

Both ways have an equal effect but if you edit the configuration file, you will also need to apply the changed settings by sending a SIGHUP signal to the drweb-configd component (to do that, you can issue the drweb-ctl reload command).