Configuration Parameters

The component uses configuration parameters that are specified in the [CLAMD] section of the integrated configuration file of Dr.Web for UNIX File Servers.

The section contains the following parameters:

LogLevel = {logging level}

Logging level for Dr.Web ClamD.

If the parameter value is not specified, the value of DefaultLogLevel from the [Root] section is used.

Default value:

LogLevel = Notice

Log = {log type}

Logging method.

Default value:

Log = Auto

ExePath = {path to file}

Path to the executable of Dr.Web ClamD.

Default value:

ExePath = <opt_dir>/bin/drweb-clamd

For Linux:

ExePath = /opt/drweb.com/bin/drweb-clamd

For FreeBSD:

ExePath = /usr/local/libexec/drweb.com/bin/drweb-clamd

For Solaris:

ExePath = /opt/drweb.com/bin/drweb-clamd

Start = {Boolean}

The component must be run by the Dr.Web ConfigD configuration daemon.

Default value:

Start = Yes

Endpoint.<tag>.ClamdSocket = {IP address | UNIX socket}

Defines a connection point named <tag> and its socket (an IPv4 address or the address of a UNIX socket) for clients that need to check files for threats.

Several sockets can be specified for one connection point <tag>. To do so, specify the parameter several times with the same prefix Endpoint.<tag>.

Default value:

Endpoint.<tag>.ClamdSocket =

[Endpoint.<tag>.]ReadTimeout = {time interval}

Sets the maximum time to wait for data from the client.

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]ReadTimeout = 5s

[Endpoint.<tag>.]StreamMaxLength = {size}

Sets the maximum size of data that can be received from the client (when data to scan is transmitted as a stream of bytes).

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]StreamMaxLength = 25mb

[Endpoint.<tag>.]ScanTimeout = {time interval}

Sets the maximum time to scan one file (or one portion of data) received from the client.

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]ScanTimeout = 30s

[Endpoint.<tag>.]HeuristicAnalysis = {On | Off}

Indicates whether heuristic analysis is used for scanning.

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]HeuristicAnalysis = On

[Endpoint.<tag>.]PackerMaxLevel = {integer}

Sets the maximum nesting level of packed objects that can be scanned.

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]PackerMaxLevel = 8

[Endpoint.<tag>.]ArchiveMaxLevel = {integer}

Sets the maximum nesting level of archives that can be scanned.

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]ArchiveMaxLevel = 8

[Endpoint.<tag>.]MailMaxLevel = {integer}

Sets the maximum nesting level of mail files that can be scanned.

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]MailMaxLevel = 8

[Endpoint.<tag>.]ContainerMaxLevel = {integer}

Sets the maximum nesting level of objects in containers that can be scanned.

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]ContainerMaxLevel = 8

[Endpoint.<tag>.]MaxCompressionRatio = {integer}

Sets the maximum compression ratio for packed objects.

If the Endpoint.<tag> prefix is specified, the parameter is considered defined for the <tag> point; otherwise, it is considered defined for all points which do not have another value of this parameter specified for them.

Default value:

[Endpoint.<tag>.]MaxCompressionRatio = 500

Special aspects of component configuration

Parameters marked with the optional prefix [Endpoint.<tag>.] can be grouped. Each group defines a connection point (endpoint) with a unique <tag>, whose identifier is used by clients to connect to the module. All scanning parameters included in one group apply to the scanning of data from clients connected to this point. If a parameter is specified without the Endpoint.<tag> prefix, it sets the value for all connection points. If you delete a parameter from the section of a connection point, the value for this point is taken from the corresponding "parent" parameter with the same name (without the Endpoint.<tag> prefix); the default parameter value is not used in this case.

The ClamdSocket parameter must be specified with the Endpoint.<tag> prefix, as it defines both a listening socket and the group (connection point) to which this socket is bound.

Example:

Let us assume that we need two connection points. The first one is for a group of external applications (servers) named servers1 and the second one is for a group of servers named servers2. Servers from the first group can connect only via a UNIX socket, and servers from the second group via both a UNIX socket and a network connection. Moreover, heuristic analysis is disabled by default, but it must be used for servers from the servers2 group. The following example shows how to configure this.

1) In the configuration file:

[ClamD]
HeuristicAnalysis = Off
 
[ClamD.Endpoint.servers1]
ClamdSocket = /tmp/srv1.socket
 
[ClamD.Endpoint.servers2]
ClamdSocket = /tmp/srv2.socket
ClamdSocket = 127.0.0.1:1234
HeuristicAnalysis = On

2) Via the command-line tool Dr.Web Ctl:

# drweb-ctl cfset ClamD.HeuristicAnalysis Off
# drweb-ctl cfset ClamD.Endpoint.servers1.ClamdSocket /tmp/srv1.socket
# drweb-ctl cfset ClamD.Endpoint.servers2.ClamdSocket /tmp/srv2.socket
# drweb-ctl cfset -a ClamD.Endpoint.servers2.ClamdSocket 127.0.0.1:1234
# drweb-ctl cfset ClamD.Endpoint.servers2.HeuristicAnalysis On

Both ways have the same effect, but if you edit the configuration file, you will also need to apply the changed settings by sending a SIGHUP signal to the drweb-configd module.
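
The inheritance rule from "Special aspects of component configuration", as an added example (not part of the Dr.Web documentation or product code): it resolves the effective scan settings of each connection point in the configuration above and lists its non-UNIX (TCP) sockets for review. The simplified parser, the "#" comment marker, the hypothetical "network" key and the fallback to the documented default when the parent is also unset are assumptions.

```python
# Added example, not Dr.Web code. Defaults are copied from the parameter list above.
DEFAULTS = {"ReadTimeout": "5s", "StreamMaxLength": "25mb", "ScanTimeout": "30s",
            "HeuristicAnalysis": "On", "PackerMaxLevel": "8", "ArchiveMaxLevel": "8",
            "MailMaxLevel": "8", "ContainerMaxLevel": "8", "MaxCompressionRatio": "500"}

# Constructed sample: the two-endpoint configuration from the example above.
SAMPLE = """\
[ClamD]
HeuristicAnalysis = Off
[ClamD.Endpoint.servers1]
ClamdSocket = /tmp/srv1.socket
[ClamD.Endpoint.servers2]
ClamdSocket = /tmp/srv2.socket
ClamdSocket = 127.0.0.1:1234
HeuristicAnalysis = On
"""

def parse(text):
    """Return (parent, endpoints): [ClamD] overrides and per-<tag> settings."""
    parent, endpoints, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.lower() == "clamd":
                current = parent
            elif name.lower().startswith("clamd.endpoint."):
                current = endpoints.setdefault(name.split(".", 2)[2], {"ClamdSocket": []})
            else:
                current = None  # section of another component
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key != "ClamdSocket":
                current[key] = value
            elif current is parent:
                raise ValueError("ClamdSocket requires an Endpoint.<tag> prefix")
            else:
                current["ClamdSocket"].append(value)  # repeated key adds a socket
    return parent, endpoints

def effective(text):
    """Precedence per endpoint: own value > parent [ClamD] value > default."""
    parent, endpoints = parse(text)
    result = {}
    for tag, own in endpoints.items():
        result[tag] = {**DEFAULTS, **parent, **own}
        # Sockets that are not filesystem paths are TCP listeners.
        result[tag]["network"] = [s for s in own["ClamdSocket"] if not s.startswith("/")]
    return result
```

For the sample, servers1 resolves to HeuristicAnalysis = Off (inherited from the parent, not the default On) with no TCP listener, while servers2 resolves to On and listens on 127.0.0.1:1234.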