Question regarding clamd.conf parameters..
Dhawal Doshy
dhawal at NETMAGICSOLUTIONS.COM
Wed Jun 29 13:26:50 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Dhawal Doshy wrote:
> Julian Field wrote:
>
>>>
>>> If clamd.conf is used by MS
>>
>>
>>
>> It's not.
>>
>>> then is it possible to incorporate clamd.conf related parameters in
>>> the next version of MailScanner? something like the current limits
>>> set for clamavmodule.. OR would you rather have people modify the
>>> clamd.conf files?
>>
>>
>> You'll need to refer to a clam expert here, I just use it and it
>> appears to work well enough for me, but there again I use 3 virus
>> scanners anyway.
>>
>
> Thanks for the clarification.. i'll dig in a bit more and post the
> results if anyone is interested..
>
Here's some gyan (meaning: 'unsolicited advice' in corrupt hindi) on
clamavmodule and libclamav
The following exportable constants are allowed:
http://cpan.gossamer-threads.com/modules/by-authors/id/S/SA/SABECK/Mail-ClamAV-0.17.readme
Further reference is provided here:
http://www.clamav.net/doc/0.86.1/html/node41.html
Also important to mention is the fact the "if no flags are provided; the
defaults from clamd.conf apply", which implies that if clamd.conf is
found / readable by the Mail::ClamAV module (libclamav) then it'll
inherit properties specified in the clamd.conf file.
Some important parameters that you'd want to set / unset in clamd.conf
(if it exists) are:
MaxDirectoryRecursion: default 15
DetectBrokenExecutables: default disabled (but enabled in dag's rpms)
ArchiveMaxFileSize: Default 10M
ArchiveMaxRecursion: Default 8
ArchiveMaxFiles: Default 250 (set to 1500 in dag's rpms)
ArchiveBlockEncrypted: Default disabled (but enabled in dag's rpms)
ArchiveBlockMax: Default disabled (but enabled in dag's rpms)
ArchiveMaxCompressionRatio: Default 250 (set to 300 in dag's rpms)
So i'd prefer removing clamd.conf completely, but for testing purposes i
am commenting out the following
ArchiveBlockEncrypted (this will mark encrypted archives as viruses)
ArchiveBlockMax (this will mark archives as viruses if ArchiveMaxFiles,
ArchiveMaxFileSize, or ArchiveMaxRecursion limits are reached)
- dhawal
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list