Clamd: add booleans for some heuristic alerts
This commit is contained in:
parent
e6cbfbab5a
commit
9fe23ece5c
|
@ -52,6 +52,11 @@ clamav_clamd_archives_scan: 'yes'
|
|||
clamav_clamd_max_scan_time: 120000
|
||||
# Options: None, TrustSigned, Paranoid. Stick to the default
|
||||
clamav_clamd_bytecode_security: 'TrustSigned'
|
||||
clamav_clamd_heuristic_broken_executable: 'yes'
|
||||
clamav_clamd_heuristic_ole_macros: 'no'
|
||||
clamav_clamd_heuristic_phishing_ssl_mismatch: 'yes'
|
||||
clamav_clamd_heuristic_phishing_cloak: 'yes'
|
||||
clamav_clamd_heuristic_partition_intersection: 'yes'
|
||||
|
||||
clamav_additional_signatures_use_proxy: False
|
||||
clamav_additional_signatures_use_proxy_auth: False
|
||||
|
|
|
@ -241,7 +241,7 @@ HeuristicScanPrecedence {{ clamav_clamd_heuristic_has_precedence }}
|
|||
# With this option clamav will try to detect broken executables (both PE and
|
||||
# ELF) and alert on them with the Broken.Executable heuristic signature.
|
||||
# Default: no
|
||||
#AlertBrokenExecutables yes
|
||||
AlertBrokenExecutables {{ clamav_clamd_heuristic_broken_executable }}
|
||||
|
||||
# Alert on encrypted archives _and_ documents with heuristic signature (encrypted .zip, .7zip, .rar, .pdf).
|
||||
# Default: no
|
||||
|
@ -258,21 +258,21 @@ HeuristicScanPrecedence {{ clamav_clamd_heuristic_has_precedence }}
|
|||
# With this option enabled OLE2 files containing VBA macros, which were not
|
||||
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
|
||||
# Default: no
|
||||
#AlertOLE2Macros yes
|
||||
AlertOLE2Macros {{ clamav_clamd_heuristic_ole_macros }}
|
||||
|
||||
# Alert on SSL mismatches in URLs, even if the URL isn't in the database.
|
||||
# This can lead to false positives.
|
||||
# Default: no
|
||||
#AlertPhishingSSLMismatch yes
|
||||
AlertPhishingSSLMismatch {{ clamav_clamd_heuristic_phishing_ssl_mismatch }}
|
||||
|
||||
# Alert on cloaked URLs, even if URL isn't in database.
|
||||
# This can lead to false positives.
|
||||
# Default: no
|
||||
#AlertPhishingCloak yes
|
||||
AlertPhishingCloak {{ clamav_clamd_heuristic_phishing_cloak }}
|
||||
|
||||
# Alert on raw DMG image files containing partition intersections
|
||||
# Default: no
|
||||
#AlertPartitionIntersection yes
|
||||
AlertPartitionIntersection {{ clamav_clamd_heuristic_partition_intersection }}
|
||||
|
||||
##
|
||||
## Executable files
|
||||
|
|
Loading…
Reference in New Issue