forked from ISTI-ansible-roles/ansible-roles
Role that installs clamav end/or clamav-milter.
This commit is contained in:
parent
f6dcee2182
commit
9d6370b776
|
@ -0,0 +1,89 @@
|
|||
---
|
||||
#
|
||||
# clamd wants a lot of RAM at startup time. Ensure to have at least 4GB of available memory
|
||||
#
|
||||
clamav_install: True
|
||||
clamav_milter_install: False
|
||||
clamav_unofficial_sigs_install: '{{ clamav_install }}'
|
||||
|
||||
clamav_rh_pkgs:
|
||||
- clamd
|
||||
- clamav-filesystem
|
||||
- clamav
|
||||
- clamav-data
|
||||
- clamav-lib
|
||||
- clamav-update
|
||||
|
||||
clamav_milter_rh_pkgs:
|
||||
- clamav-milter
|
||||
|
||||
clamav_unofficial_sigs_rh_pkgs:
|
||||
- clamav-unofficial-sigs
|
||||
|
||||
clamav_clamd_user: clamscan
|
||||
clamav_clamd_conf_file: '/etc/clamd.d/scan.conf'
|
||||
clamav_clamd_verbose_logging: 'yes'
|
||||
clamav_clamd_extended_info: 'yes'
|
||||
clamav_clamd_pidfile: '/run/clamd.scan/clamd.pid'
|
||||
clamav_clamd_tmp: '/var/tmp'
|
||||
clamav_clamd_official_db_only: 'no'
|
||||
clamav_clamd_use_local_socket: True
|
||||
clamav_clamd_local_socket: '/run/clamd.scan/clamd.sock'
|
||||
clamav_clamd_use_net_socket: False
|
||||
clamav_clamd_net_socket_port: 3310
|
||||
clamav_clamd_net_main_socket_addr: '127.0.0.1'
|
||||
clamav_clamd_net_socket_addrs:
|
||||
- '{{ clamav_clamd_net_main_socket_addr }}'
|
||||
# Set this to your MTA max message size. Expressed in MB (M)
|
||||
clamav_clamd_stream_max_lenght: 25
|
||||
clamav_clamd_detect_pua: True
|
||||
clamav_clamd_heuristic_alert: 'yes'
|
||||
clamav_clamd_heuristic_has_precedence: 'no'
|
||||
clamav_clamd_additional_doc_scanning: True
|
||||
clamav_clamd_email_scan: 'yes'
|
||||
clamav_clamd_html_scan: 'yes'
|
||||
clamav_clamd_archives_scan: 'yes'
|
||||
clamav_clamd_max_scan_time: 120000
|
||||
# Options: None, TrustSigned, Paranoid. Stick to the default
|
||||
clamav_clamd_bytecode_security: 'TrustSigned'
|
||||
|
||||
clamav_additional_signatures_use_proxy: False
|
||||
clamav_additional_signatures_use_proxy_auth: False
|
||||
clamav_additional_signatures_proxy_host: ''
|
||||
clamav_additional_signatures_proxy_port: 3128
|
||||
clamav_additional_signatures_proxy_user: ''
|
||||
clamav_additional_signatures_proxy_pwd: ''
|
||||
|
||||
# Freshclam
|
||||
clamav_freshclam_check_frequency: 12
|
||||
clamav_freshclam_use_proxy: False
|
||||
clamav_freshclam_use_proxy_auth: False
|
||||
clamav_freshclam_proxy_host: ''
|
||||
clamav_freshclam_proxy_port: 3128
|
||||
clamav_freshclam_proxy_user: ''
|
||||
clamav_freshclam_proxy_pwd: ''
|
||||
clamav_freshclam_reload_clamd: True
|
||||
clamav_freshclam_enable_safebrowsing: 'no'
|
||||
clamav_freshclam_enable_bytecode: 'yes'
|
||||
#clamav_freshclam_additional_databases:
|
||||
# - ''
|
||||
# - ''
|
||||
|
||||
# tcp example: inet:7357@127.0.0.1
|
||||
clamav_milter_socket: 'local:/run/clamav-milter/clamav-milter.socket'
|
||||
clamav_milter_use_whitelist_file: False
|
||||
clamav_milter_whitelist_file: '/etc/mail/clamav-whitelist'
|
||||
clamav_milter_use_skip_authenticated_file: False
|
||||
clamav_milter_skip_authenticated_file: '/etc/mail/clamav-skip-authenticated'
|
||||
clamav_milter_onclean_action: 'Accept'
|
||||
clamav_milter_oninfected_action: 'Reject'
|
||||
clamav_milter_onfail_action: 'Defer'
|
||||
clamav_milter_send_reject_msg: True
|
||||
clamav_milter_reject_msg: 'Virus %v present, email rejected!'
|
||||
clamav_milter_add_header: True
|
||||
clamav_milter_add_header_action: 'Add'
|
||||
clamav_milter_report_hostname: '{{ ansible_fqdn }}'
|
||||
clamav_milter_clamd_net_socket_addrs:
|
||||
- { addr: '{{ clamav_clamd_net_main_socket_addr }}', port: '{{ clamav_clamd_net_socket_port }}' }
|
||||
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
- name: Reload clamd
|
||||
service: name=clamd@scan state=reloaded enabled=yes
|
||||
|
||||
- name: Restart clamd
|
||||
service: name=clamd@scan state=restarted enabled=yes
|
||||
|
||||
- name: Restart clamav-milter
|
||||
service: name=clamav-milter state=restarted enabled=yes
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
- name: Install the clamav packages
|
||||
block:
|
||||
- name: Install the clamav packages on RH based systems
|
||||
yum: pkg={{ clamav_rh_pkgs }} state=present
|
||||
when: clamav_install | bool
|
||||
|
||||
- name: Install the clamav unofficial signature packages on RH based systems
|
||||
yum: pkg={{ clamav_unofficial_sigs_rh_pkgs }} state=present
|
||||
when: clamav_unofficial_sigs_install | bool
|
||||
|
||||
- name: Install the clamav milter packages on RH based systems
|
||||
yum: pkg={{ clamav_milter_rh_pkgs}} state=present
|
||||
when: clamav_milter_install | bool
|
||||
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'clamav', 'clamav_clamd' ]
|
||||
|
||||
- name: Configure freshclam and clamd
|
||||
block:
|
||||
- name: Install the clamd configuration
|
||||
template: src=scan.conf.j2 dest={{ clamav_clamd_conf_file }} owner=root group=root mode=0444
|
||||
notify: Reload clamd
|
||||
|
||||
- name: Install the freshclam configuration
|
||||
template: src=freshclam.conf.j2 dest=/etc/freshclam.conf owner=root group=root mode=0400
|
||||
|
||||
- name: Ensure that the clamd service is running and enabled
|
||||
service: name=clamd@scan state=started enabled=yes
|
||||
|
||||
when: clamav_install | bool
|
||||
tags: [ 'clamav', 'clamav_clamd', 'clamav_config' ]
|
||||
|
||||
- name: Configure clamav unofficial sigs
|
||||
block:
|
||||
- name: Install the unofficial sigs configuration files
|
||||
template: src={{ item }}.j2 dest=/etc/clamav-unofficial-sigs/{{ item }} owner=root group=root mode=0444
|
||||
with_items:
|
||||
- os.conf
|
||||
- user.conf
|
||||
|
||||
when: clamav_unofficial_sigs_install | bool
|
||||
tags: [ 'clamav', 'clamav_clamd', 'clamav_config' ]
|
||||
|
||||
- name: Configure clamav milter
|
||||
block:
|
||||
- name: Install the clamav milter configuration
|
||||
template: src=clamav-milter.conf.j2 dest=/etc/mail/clamav-milter.conf owner=root group=root mode=0444
|
||||
notify: Restart clamav-milter
|
||||
|
||||
- name: Ensure that clamav milter is running and enabled
|
||||
service: name=clamav-milter state=started enabled=yes
|
||||
|
||||
when: clamav_milter_install | bool
|
||||
tags: [ 'clamav', 'clamav_clamd', 'clamav_config' ]
|
|
@ -0,0 +1,302 @@
|
|||
##
|
||||
## Example config file for clamav-milter
|
||||
##
|
||||
|
||||
##
|
||||
## Main options
|
||||
##
|
||||
|
||||
# Define the interface through which we communicate with sendmail
|
||||
# This option is mandatory! Possible formats are:
|
||||
# [[unix|local]:]/path/to/file - to specify a unix domain socket
|
||||
# inet:port@[hostname|ip-address] - to specify an ipv4 socket
|
||||
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
|
||||
#
|
||||
# Default: no default
|
||||
#MilterSocket local:/run/clamav-milter/clamav-milter.socket
|
||||
MilterSocket {{ clamav_milter_socket }}
|
||||
|
||||
# Define the group ownership for the (unix) milter socket.
|
||||
# Default: disabled (the primary group of the user running clamd)
|
||||
#MilterSocketGroup virusgroup
|
||||
|
||||
# Sets the permissions on the (unix) milter socket to the specified mode.
|
||||
# Default: disabled (obey umask)
|
||||
MilterSocketMode 660
|
||||
|
||||
# Remove stale socket after unclean shutdown.
|
||||
#
|
||||
# Default: yes
|
||||
FixStaleSocket yes
|
||||
|
||||
# Run as another user (clamav-milter must be started by root for this option
|
||||
# to work)
|
||||
#
|
||||
# Default: unset (don't drop privileges)
|
||||
User clamilt
|
||||
|
||||
# Waiting for data from clamd will timeout after this time (seconds).
|
||||
# Value of 0 disables the timeout.
|
||||
#
|
||||
# Default: 120
|
||||
#ReadTimeout 300
|
||||
|
||||
# Don't fork into background.
|
||||
#
|
||||
# Default: no
|
||||
#Foreground yes
|
||||
|
||||
# Chroot to the specified directory.
|
||||
# Chrooting is performed just after reading the config file and before
|
||||
# dropping privileges.
|
||||
#
|
||||
# Default: unset (don't chroot)
|
||||
#Chroot /newroot
|
||||
|
||||
# This option allows you to save a process identifier of the listening
|
||||
# daemon (main thread).
|
||||
#
|
||||
# Default: disabled
|
||||
PidFile /run/clamav-milter/clamav-milter.pid
|
||||
|
||||
# Optional path to the global temporary directory.
|
||||
# Default: system specific (usually /tmp or /var/tmp).
|
||||
#
|
||||
TemporaryDirectory /var/tmp
|
||||
|
||||
##
|
||||
## Clamd options
|
||||
##
|
||||
|
||||
# Define the clamd socket to connect to for scanning.
|
||||
# This option is mandatory! Syntax:
|
||||
# ClamdSocket unix:path
|
||||
# ClamdSocket tcp:host:port
|
||||
# The first syntax specifies a local unix socket (needs an absolute path) e.g.:
|
||||
# ClamdSocket unix:/var/run/clamd/clamd.socket
|
||||
# The second syntax specifies a tcp local or remote tcp socket: the
|
||||
# host can be a hostname or an ip address; the ":port" field is only required
|
||||
# for IPv6 addresses, otherwise it defaults to 3310, e.g.:
|
||||
# ClamdSocket tcp:192.168.0.1
|
||||
#
|
||||
# This option can be repeated several times with different sockets or even
|
||||
# with the same socket: clamd servers will be selected in a round-robin
|
||||
# fashion.
|
||||
#
|
||||
# Default: no default
|
||||
{% if clamav_clamd_use_local_socket %}
|
||||
ClamdSocket unix:{{ clamav_clamd_local_socket }}
|
||||
{% elif clamav_clamd_use_net_socket %}
|
||||
{% for clamsock in clamav_milter_clamd_net_socket_addrs %}
|
||||
ClamdSocket tcp:{{ clamsock.addr }}:{{ clamsock.port }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
##
|
||||
## Exclusions
|
||||
##
|
||||
|
||||
# Messages originating from these hosts/networks will not be scanned
|
||||
# This option takes a host(name)/mask pair in CIRD notation and can be
|
||||
# repeated several times. If "/mask" is omitted, a host is assumed.
|
||||
# To specify a locally originated, non-smtp, email use the keyword "local"
|
||||
#
|
||||
# Default: unset (scan everything regardless of the origin)
|
||||
#LocalNet local
|
||||
#LocalNet 192.168.0.0/24
|
||||
#LocalNet 1111:2222:3333::/48
|
||||
|
||||
# This option specifies a file which contains a list of basic POSIX regular
|
||||
# expressions. Addresses (sent to or from - see below) matching these regexes
|
||||
# will not be scanned. Optionally each line can start with the string "From:"
|
||||
# or "To:" (note: no whitespace after the colon) indicating if it is,
|
||||
# respectively, the sender or recipient that is to be whitelisted.
|
||||
# If the field is missing, "To:" is assumed.
|
||||
# Lines starting with #, : or ! are ignored.
|
||||
#
|
||||
# Default unset (no exclusion applied)
|
||||
#Whitelist /etc/whitelisted_addresses
|
||||
{% if clamav_milter_use_whitelist_file %}
|
||||
Whitelist {{ clamav_milter_whitelist_file }}
|
||||
{% endif %}
|
||||
# Messages from authenticated SMTP users matching this extended POSIX
|
||||
# regular expression (egrep-like) will not be scanned.
|
||||
# As an alternative, a file containing a plain (not regex) list of names (one
|
||||
# per line) can be specified using the prefix "file:".
|
||||
# e.g. SkipAuthenticated file:/etc/good_guys
|
||||
#
|
||||
# Note: this is the AUTH login name!
|
||||
#
|
||||
# Default: unset (no whitelisting based on SMTP auth)
|
||||
{% if clamav_milter_use_skip_authenticated_file %}
|
||||
SkipAuthenticated file:{{ clamav_milter_skip_authenticated_file }}
|
||||
{% endif %}
|
||||
|
||||
# Messages larger than this value won't be scanned.
|
||||
# Make sure this value is lower or equal than StreamMaxLength in clamd.conf
|
||||
#
|
||||
# Default: 25M
|
||||
MaxFileSize {{ clamav_clamd_stream_max_lenght }}M
|
||||
|
||||
##
|
||||
## Actions
|
||||
##
|
||||
|
||||
# The following group of options controls the delivery process under
|
||||
# different circumstances.
|
||||
# The following actions are available:
|
||||
# - Accept
|
||||
# The message is accepted for delivery
|
||||
# - Reject
|
||||
# Immediately refuse delivery (a 5xx error is returned to the peer)
|
||||
# - Defer
|
||||
# Return a temporary failure message (4xx) to the peer
|
||||
# - Blackhole (not available for OnFail)
|
||||
# Like Accept but the message is sent to oblivion
|
||||
# - Quarantine (not available for OnFail)
|
||||
# Like Accept but message is quarantined instead of being delivered
|
||||
#
|
||||
# NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ
|
||||
# For Postfix this causes the message to be placed on hold
|
||||
#
|
||||
# Action to be performed on clean messages (mostly useful for testing)
|
||||
# Default: Accept
|
||||
OnClean {{ clamav_milter_onclean_action }}
|
||||
|
||||
# Action to be performed on infected messages
|
||||
# Default: Quarantine
|
||||
#OnInfected Quarantine
|
||||
OnInfected {{ clamav_milter_oninfected_action }}
|
||||
|
||||
# Action to be performed on error conditions (this includes failure to
|
||||
# allocate data structures, no scanners available, network timeouts,
|
||||
# unknown scanner replies and the like)
|
||||
# Default: Defer
|
||||
OnFail {{ clamav_milter_onfail_action }}
|
||||
|
||||
# This option allows to set a specific rejection reason for infected messages
|
||||
# and it's therefore only useful together with "OnInfected Reject"
|
||||
# The string "%v", if present, will be replaced with the virus name.
|
||||
# Default: MTA specific
|
||||
{% if clamav_milter_send_reject_msg %}
|
||||
RejectMsg "{{ clamav_milter_reject_msg }}"
|
||||
{% endif %}
|
||||
|
||||
{% if clamav_milter_add_header %}
|
||||
# If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an
|
||||
# "X-Virus-Status" headers will be attached to each processed message, possibly
|
||||
# replacing existing headers.
|
||||
# If it is set to Add, the X-Virus headers are added possibly on top of the
|
||||
# existing ones.
|
||||
# Note that while "Replace" can potentially break DKIM signatures, "Add" may
|
||||
# confuse procmail and similar filters.
|
||||
# Default: no
|
||||
AddHeader {{ clamav_milter_add_header_action }}
|
||||
|
||||
# When AddHeader is in use, this option allows to arbitrary set the reported
|
||||
# hostname. This may be desirable in order to avoid leaking internal names.
|
||||
# If unset the real machine name is used.
|
||||
# Default: disabled
|
||||
ReportHostname {{ clamav_milter_report_hostname }}
|
||||
{% endif %}
|
||||
|
||||
# Execute a command (possibly searching PATH) when an infected message is
|
||||
# found.
|
||||
# The following parameters are passed to the invoked program in this order:
|
||||
# virus name, queue id, sender, destination, subject, message id, message date.
|
||||
# Note #1: this requires MTA macroes to be available (see LogInfected below)
|
||||
# Note #2: the process is invoked in the context of clamav-milter
|
||||
# Note #3: clamav-milter will wait for the process to exit. Be quick or fork to
|
||||
# avoid unnecessary delays in email delivery
|
||||
# Default: disabled
|
||||
#VirusAction /usr/local/bin/my_infected_message_handler
|
||||
|
||||
##
|
||||
## Logging options
|
||||
##
|
||||
|
||||
# Uncomment this option to enable logging.
|
||||
# LogFile must be writable for the user running daemon.
|
||||
# A full path is required.
|
||||
#
|
||||
# Default: disabled
|
||||
#LogFile /var/log/clamav-milter.log
|
||||
|
||||
# By default the log file is locked for writing - the lock protects against
|
||||
# running clamav-milter multiple times.
|
||||
# This option disables log file locking.
|
||||
#
|
||||
# Default: no
|
||||
#LogFileUnlock yes
|
||||
|
||||
# Maximum size of the log file.
|
||||
# Value of 0 disables the limit.
|
||||
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
|
||||
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
|
||||
# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
|
||||
# rotation (the LogRotate option) will always be enabled.
|
||||
#
|
||||
# Default: 1M
|
||||
#LogFileMaxSize 2M
|
||||
|
||||
# Log time with each message.
|
||||
#
|
||||
# Default: no
|
||||
#LogTime yes
|
||||
|
||||
# Use system logger (can work together with LogFile).
|
||||
#
|
||||
# Default: no
|
||||
LogSyslog yes
|
||||
|
||||
# Specify the type of syslog messages - please refer to 'man syslog'
|
||||
# for facility names.
|
||||
#
|
||||
# Default: LOG_LOCAL6
|
||||
#LogFacility LOG_MAIL
|
||||
|
||||
# Enable verbose logging.
|
||||
#
|
||||
# Default: no
|
||||
LogVerbose yes
|
||||
|
||||
# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
|
||||
# Default: no
|
||||
#LogRotate yes
|
||||
|
||||
# This option allows to tune what is logged when a message is infected.
|
||||
# Possible values are Off (the default - nothing is logged),
|
||||
# Basic (minimal info logged), Full (verbose info logged)
|
||||
# Note:
|
||||
# For this to work properly in sendmail, make sure the msg_id, mail_addr,
|
||||
# rcpt_addr and i macroes are available in eom. In other words add a line like:
|
||||
# Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i
|
||||
# to your .cf file. Alternatively use the macro:
|
||||
# define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')
|
||||
# Postfix should be working fine with the default settings.
|
||||
#
|
||||
# Default: disabled
|
||||
LogInfected Basic
|
||||
|
||||
# This option allows to tune what is logged when no threat is found in
|
||||
# a scanned message.
|
||||
# See LogInfected for possible values and caveats.
|
||||
# Useful in debugging but drastically increases the log size.
|
||||
# Default: disabled
|
||||
LogClean Basic
|
||||
|
||||
# This option affects the behaviour of LogInfected, LogClean and VirusAction
|
||||
# when a message with multiple recipients is scanned:
|
||||
# If SupportMultipleRecipients is off (the default)
|
||||
# then one single log entry is generated for the message and, in case the
|
||||
# message is determined to be malicious, the command indicated by VirusAction
|
||||
# is executed just once. In both cases only the last recipient is reported.
|
||||
# If SupportMultipleRecipients is on:
|
||||
# then one line is logged for each recipient and the command indicated
|
||||
# by VirusAction is also executed once for each recipient.
|
||||
#
|
||||
# Note: although it's probably a good idea to enable this option, the default
|
||||
# value
|
||||
# is currently set to off for legacy reasons.
|
||||
# Default: no
|
||||
SupportMultipleRecipients no
|
|
@ -0,0 +1,193 @@
|
|||
# Path to the database directory.
|
||||
# WARNING: It must match clamd.conf's directive!
|
||||
# Default: hardcoded (depends on installation options)
|
||||
DatabaseDirectory /var/lib/clamav
|
||||
|
||||
# Path to the log file (make sure it has proper permissions)
|
||||
# Default: disabled
|
||||
#UpdateLogFile /var/log/freshclam.log
|
||||
|
||||
# Maximum size of the log file.
|
||||
# Value of 0 disables the limit.
|
||||
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
|
||||
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
|
||||
# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
|
||||
# log rotation (the LogRotate option) will always be enabled.
|
||||
# Default: 1M
|
||||
#LogFileMaxSize 2M
|
||||
|
||||
# Log time with each message.
|
||||
# Default: no
|
||||
#LogTime yes
|
||||
|
||||
# Enable verbose logging.
|
||||
# Default: no
|
||||
#LogVerbose yes
|
||||
|
||||
# Use system logger (can work together with UpdateLogFile).
|
||||
# Default: no
|
||||
LogSyslog yes
|
||||
|
||||
# Specify the type of syslog messages - please refer to 'man syslog'
|
||||
# for facility names.
|
||||
# Default: LOG_LOCAL6
|
||||
#LogFacility LOG_MAIL
|
||||
|
||||
# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
|
||||
# Default: no
|
||||
#LogRotate yes
|
||||
|
||||
# This option allows you to save the process identifier of the daemon
|
||||
# Default: disabled
|
||||
#PidFile /var/run/freshclam.pid
|
||||
|
||||
# By default when started freshclam drops privileges and switches to the
|
||||
# "clamav" user. This directive allows you to change the database owner.
|
||||
# Default: clamav (may depend on installation options)
|
||||
#DatabaseOwner clamupdate
|
||||
|
||||
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
|
||||
# to verify database and software versions. With this directive you can change
|
||||
# the database verification domain.
|
||||
# WARNING: Do not touch it unless you're configuring freshclam to use your
|
||||
# own database verification domain.
|
||||
# Default: current.cvd.clamav.net
|
||||
#DNSDatabaseInfo current.cvd.clamav.net
|
||||
|
||||
# database.clamav.net is now the primary domain name to be used world-wide.
|
||||
# Now that CloudFlare is being used as our Content Delivery Network (CDN),
|
||||
# this one domain name works world-wide to direct freshclam to the closest
|
||||
# geographic endpoint.
|
||||
DatabaseMirror database.clamav.net
|
||||
|
||||
# How many attempts to make before giving up.
|
||||
# Default: 3 (per mirror)
|
||||
#MaxAttempts 5
|
||||
|
||||
# With this option you can control scripted updates. It's highly recommended
|
||||
# to keep it enabled.
|
||||
# Default: yes
|
||||
ScriptedUpdates yes
|
||||
|
||||
# By default freshclam will keep the local databases (.cld) uncompressed to
|
||||
# make their handling faster. With this option you can enable the compression;
|
||||
# the change will take effect with the next database update.
|
||||
# Default: no
|
||||
#CompressLocalDatabase no
|
||||
|
||||
# With this option you can provide custom sources (http:// or file://) for
|
||||
# database files. This option can be used multiple times.
|
||||
# Default: no custom URLs
|
||||
#DatabaseCustomURL http://myserver.com/mysigs.ndb
|
||||
#DatabaseCustomURL file:///mnt/nfs/local.hdb
|
||||
|
||||
# This option allows you to easily point freshclam to private mirrors.
|
||||
# If PrivateMirror is set, freshclam does not attempt to use DNS
|
||||
# to determine whether its databases are out-of-date, instead it will
|
||||
# use the If-Modified-Since request or directly check the headers of the
|
||||
# remote database files. For each database, freshclam first attempts
|
||||
# to download the CLD file. If that fails, it tries to download the
|
||||
# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
|
||||
# and ScriptedUpdates. It can be used multiple times to provide
|
||||
# fall-back mirrors.
|
||||
# Default: disabled
|
||||
#PrivateMirror mirror1.mynetwork.com
|
||||
#PrivateMirror mirror2.mynetwork.com
|
||||
|
||||
# Number of database checks per day.
|
||||
# Default: 12 (every two hours)
|
||||
Checks {{ clamav_freshclam_check_frequency }}
|
||||
|
||||
{% if clamav_freshclam_use_proxy %}
|
||||
# Proxy settings
|
||||
# Default: disabled
|
||||
HTTPProxyServer {{ clamav_freshclam_proxy_host }}
|
||||
HTTPProxyPort {{ clamav_freshclam_proxy_port }}
|
||||
{% if clamav_freshclam_use_proxy_auth %}
|
||||
HTTPProxyUsername {{ clamav_freshclam_proxy_user }}
|
||||
HTTPProxyPassword {{ clamav_freshclam_proxy_pwd }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
# If your servers are behind a firewall/proxy which applies User-Agent
|
||||
# filtering you can use this option to force the use of a different
|
||||
# User-Agent header.
|
||||
# Default: clamav/version_number
|
||||
#HTTPUserAgent SomeUserAgentIdString
|
||||
|
||||
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
|
||||
# multi-homed systems.
|
||||
# Default: Use OS'es default outgoing IP address.
|
||||
#LocalIPAddress aaa.bbb.ccc.ddd
|
||||
|
||||
{% if clamav_freshclam_reload_clamd %}
|
||||
# Send the RELOAD command to clamd.
|
||||
# Default: no
|
||||
NotifyClamd {{ clamav_clamd_conf_file }}
|
||||
{% endif %}
|
||||
|
||||
# Run command after successful database update.
|
||||
# Default: disabled
|
||||
#OnUpdateExecute command
|
||||
|
||||
# Run command when database update process fails.
|
||||
# Default: disabled
|
||||
#OnErrorExecute command
|
||||
|
||||
# Run command when freshclam reports outdated version.
|
||||
# In the command string %v will be replaced by the new version number.
|
||||
# Default: disabled
|
||||
#OnOutdatedExecute command
|
||||
|
||||
# Don't fork into background.
|
||||
# Default: no
|
||||
#Foreground yes
|
||||
|
||||
# Enable debug messages in libclamav.
|
||||
# Default: no
|
||||
#Debug yes
|
||||
|
||||
# Timeout in seconds when connecting to database server.
|
||||
# Default: 30
|
||||
#ConnectTimeout 60
|
||||
|
||||
# Timeout in seconds when reading from database server.
|
||||
# Default: 30
|
||||
#ReceiveTimeout 60
|
||||
|
||||
# With this option enabled, freshclam will attempt to load new
|
||||
# databases into memory to make sure they are properly handled
|
||||
# by libclamav before replacing the old ones.
|
||||
# Default: yes
|
||||
#TestDatabases yes
|
||||
|
||||
# This option enables support for Google Safe Browsing. When activated for
|
||||
# the first time, freshclam will download a new database file
|
||||
# (safebrowsing.cvd) which will be automatically loaded by clamd and
|
||||
# clamscan during the next reload, provided that the heuristic phishing
|
||||
# detection is turned on. This database includes information about websites
|
||||
# that may be phishing sites or possible sources of malware. When using this
|
||||
# option, it's mandatory to run freshclam at least every 30 minutes.
|
||||
# Freshclam uses the ClamAV's mirror infrastructure to distribute the
|
||||
# database and its updates but all the contents are provided under Google's
|
||||
# terms of use. See https://www.google.com/transparencyreport/safebrowsing
|
||||
# and https://www.clamav.net/documents/safebrowsing
|
||||
# for more information.
|
||||
# Default: disabled
|
||||
SafeBrowsing {{ clamav_freshclam_enable_safebrowsing }}
|
||||
|
||||
# This option enables downloading of bytecode.cvd, which includes additional
|
||||
# detection mechanisms and improvements to the ClamAV engine.
|
||||
# Default: enabled
|
||||
Bytecode {{ clamav_freshclam_enable_bytecode }}
|
||||
|
||||
{% if clamav_freshclam_additional_databases is defined %}
|
||||
# Download an additional 3rd party signature database distributed through
|
||||
# the ClamAV mirrors.
|
||||
# This option can be used multiple times.
|
||||
#ExtraDatabase dbname1
|
||||
#ExtraDatabase dbname2
|
||||
{% for clamdb in clamav_freshclam_additional_databases %}
|
||||
ExtraDatabase {{ clamdb }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
|
@ -0,0 +1,41 @@
|
|||
# This file contains os configuration settings for clamav-unofficial-sigs.sh
|
||||
###################
|
||||
# This is property of eXtremeSHOK.com
|
||||
# You are free to use, modify and distribute, however you may not remove this notice.
|
||||
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
|
||||
# License: BSD (Berkeley Software Distribution)
|
||||
##################
|
||||
#
|
||||
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
|
||||
#
|
||||
##################
|
||||
#
|
||||
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
|
||||
#
|
||||
################################################################################
|
||||
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
|
||||
################################################################################
|
||||
# Rename to os.conf to enable this file
|
||||
################################################################################
|
||||
|
||||
# RHEL/CentOS 7, using ClamAV packages from EPEL
|
||||
|
||||
clam_user="{{ clamav_clamd_user }}"
|
||||
clam_group="{{ clamav_clamd_user }}"
|
||||
|
||||
clam_dbs="/var/lib/clamav"
|
||||
|
||||
clamd_pid="{{ clamav_clamd_pidfile }}"
|
||||
|
||||
clamd_restart_opt="systemctl try-restart clamd@scan"
|
||||
|
||||
{% if clamav_clamd_use_local_socket %}
|
||||
clamd_socket="{{ clamav_clamd_local_socket }}"
|
||||
{% endif %}
|
||||
|
||||
clamd_reload_opt="clamdscan --config-file={{ clamav_clamd_conf_file }} --reload"
|
||||
|
||||
# By default clamupdate has no permissions to run service restarts
|
||||
reload_dbs="no"
|
||||
|
||||
# https://eXtremeSHOK.com ######################################################
|
|
@ -0,0 +1,688 @@
|
|||
# Use system logger (can work together with LogFile).
|
||||
# Default: no
|
||||
LogSyslog yes
|
||||
|
||||
# Specify the type of syslog messages - please refer to 'man syslog'
|
||||
# for facility names.
|
||||
# Default: LOG_LOCAL6
|
||||
#LogFacility LOG_MAIL
|
||||
|
||||
# Enable verbose logging.
|
||||
# Default: no
|
||||
LogVerbose {{ clamav_clamd_verbose_logging }}
|
||||
|
||||
# Log additional information about the infected file, such as its
|
||||
# size and hash, together with the virus name.
|
||||
ExtendedDetectionInfo {{ clamav_clamd_extended_info }}
|
||||
|
||||
# This option allows you to save a process identifier of the listening
|
||||
# daemon (main thread).
|
||||
# Default: disabled
|
||||
PidFile {{ clamav_clamd_pidfile }}
|
||||
|
||||
# Optional path to the global temporary directory.
|
||||
# Default: system specific (usually /tmp or /var/tmp).
|
||||
TemporaryDirectory {{ clamav_clamd_tmp }}
|
||||
|
||||
# Path to the database directory.
|
||||
# Default: hardcoded (depends on installation options)
|
||||
DatabaseDirectory /var/lib/clamav
|
||||
|
||||
# Only load the official signatures published by the ClamAV project.
|
||||
# Default: no
|
||||
OfficialDatabaseOnly {{ clamav_clamd_official_db_only }}
|
||||
|
||||
# The daemon can work in local mode, network mode or both.
|
||||
# Due to security reasons we recommend the local mode.
|
||||
|
||||
{% if clamav_clamd_use_local_socket %}
|
||||
# Path to a local socket file the daemon will listen on.
|
||||
# Default: disabled (must be specified by a user)
|
||||
LocalSocket {{ clamav_clamd_local_socket }}
|
||||
|
||||
# Sets the group ownership on the unix socket.
|
||||
# Default: disabled (the primary group of the user running clamd)
|
||||
LocalSocketGroup virusgroup
|
||||
|
||||
# Sets the permissions on the unix socket to the specified mode.
|
||||
# Default: disabled (socket is world accessible)
|
||||
LocalSocketMode 660
|
||||
|
||||
# Remove stale socket after unclean shutdown.
|
||||
# Default: yes
|
||||
FixStaleSocket yes
|
||||
{% endif %}
|
||||
|
||||
{% if clamav_clamd_use_net_socket %}
|
||||
# TCP port address.
|
||||
# Default: no
|
||||
TCPSocket {{ clamav_clamd_net_socket_port }}
|
||||
|
||||
# TCP address.
|
||||
# By default we bind to INADDR_ANY, probably not wise.
|
||||
# Enable the following to provide some degree of protection
|
||||
# from the outside world. This option can be specified multiple
|
||||
# times if you want to listen on multiple IPs. IPv6 is now supported.
|
||||
# Default: no
|
||||
{% for ip in clamav_clamd_net_socket_addrs %}
|
||||
TCPAddr {{ ip }}
|
||||
{% endfor %}
|
||||
|
||||
# Maximum length the queue of pending connections may grow to.
|
||||
# Default: 200
|
||||
#MaxConnectionQueueLength 30
|
||||
|
||||
# Clamd uses FTP-like protocol to receive data from remote clients.
|
||||
# If you are using clamav-milter to balance load between remote clamd daemons
|
||||
# on firewall servers you may need to tune the options below.
|
||||
|
||||
# Close the connection when the data size limit is exceeded.
|
||||
# The value should match your MTA's limit for a maximum attachment size.
|
||||
# Default: 25M
|
||||
StreamMaxLength {{ clamav_clamd_stream_max_lenght }}M
|
||||
|
||||
# Limit port range.
|
||||
# Default: 1024
|
||||
#StreamMinPort 30000
|
||||
# Default: 2048
|
||||
#StreamMaxPort 32000
|
||||
{% endif %}
|
||||
|
||||
# Maximum number of threads running at the same time.
|
||||
# Default: 10
|
||||
#MaxThreads 20
|
||||
|
||||
# Waiting for data from a client socket will timeout after this time (seconds).
|
||||
# Default: 120
|
||||
#ReadTimeout 300
|
||||
|
||||
# This option specifies the time (in seconds) after which clamd should
|
||||
# timeout if a client doesn't provide any initial command after connecting.
|
||||
# Default: 30
|
||||
#CommandReadTimeout 30
|
||||
|
||||
# This option specifies how long to wait (in milliseconds) if the send buffer
|
||||
# is full.
|
||||
# Keep this value low to prevent clamd hanging
|
||||
#
|
||||
# Default: 500
|
||||
#SendBufTimeout 200
|
||||
|
||||
# Maximum number of queued items (including those being processed by
|
||||
# MaxThreads threads)
|
||||
# It is recommended to have this value at least twice MaxThreads if possible.
|
||||
# WARNING: you shouldn't increase this too much to avoid running out of file
|
||||
# descriptors,
|
||||
# the following condition should hold:
|
||||
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual
|
||||
# max is 1024)
|
||||
#
|
||||
# Default: 100
|
||||
#MaxQueue 200
|
||||
|
||||
# Waiting for a new job will timeout after this time (seconds).
|
||||
# Default: 30
|
||||
#IdleTimeout 60
|
||||
|
||||
# Don't scan files and directories matching regex
|
||||
# This directive can be used multiple times
|
||||
# Default: scan all
|
||||
ExcludePath ^/proc/
|
||||
ExcludePath ^/sys/
|
||||
|
||||
# Maximum depth directories are scanned at.
|
||||
# Default: 15
|
||||
#MaxDirectoryRecursion 20
|
||||
|
||||
# Follow directory symlinks.
|
||||
# Default: no
|
||||
#FollowDirectorySymlinks yes
|
||||
|
||||
# Follow regular file symlinks.
|
||||
# Default: no
|
||||
#FollowFileSymlinks yes
|
||||
|
||||
# Scan files and directories on other filesystems.
|
||||
# Default: yes
|
||||
#CrossFilesystems yes
|
||||
|
||||
# Perform a database check.
|
||||
# Default: 600 (10 min)
|
||||
#SelfCheck 600
|
||||
|
||||
# Execute a command when virus is found. In the command string %v will
|
||||
# be replaced with the virus name.
|
||||
# Default: no
|
||||
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
|
||||
|
||||
# Run as another user (clamd must be started by root for this option to work)
|
||||
# Default: don't drop privileges
|
||||
User {{ clamav_clamd_user }}
|
||||
|
||||
# Stop daemon when libclamav reports out of memory condition.
|
||||
ExitOnOOM yes
|
||||
|
||||
# Don't fork into background.
|
||||
# Default: no
|
||||
#Foreground yes
|
||||
|
||||
# Enable debug messages in libclamav.
|
||||
# Default: no
|
||||
#Debug yes
|
||||
|
||||
# Do not remove temporary files (for debug purposes).
|
||||
# Default: no
|
||||
#LeaveTemporaryFiles yes
|
||||
|
||||
# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
|
||||
# any ALLMATCHSCAN command as invalid.
|
||||
# Default: yes
|
||||
AllowAllMatchScan yes
|
||||
|
||||
{% if clamav_clamd_detect_pua %}
|
||||
# Detect Possibly Unwanted Applications.
|
||||
# Default: no
|
||||
DetectPUA yes
|
||||
|
||||
# Exclude a specific PUA category. This directive can be used multiple times.
|
||||
# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
|
||||
# the complete list of PUA categories.
|
||||
# Default: Load all categories (if DetectPUA is activated)
|
||||
#ExcludePUA NetTool
|
||||
#ExcludePUA PWTool
|
||||
|
||||
# Only include a specific PUA category. This directive can be used multiple
|
||||
# times.
|
||||
# Default: Load all categories (if DetectPUA is activated)
|
||||
IncludePUA Spy
|
||||
IncludePUA Scanner
|
||||
IncludePUA RAT
|
||||
{% endif %}
|
||||
|
||||
# This option causes memory or nested map scans to dump the content to disk.
|
||||
# If you turn on this option, more data is written to disk and is available
|
||||
# when the LeaveTemporaryFiles option is enabled.
|
||||
#ForceToDisk yes
|
||||
|
||||
# This option allows you to disable the caching feature of the engine. By
|
||||
# default, the engine will store an MD5 in a cache of any files that are
|
||||
# not flagged as virus or that hit limits checks. Disabling the cache will
|
||||
# have a negative performance impact on large scans.
|
||||
# Default: no
|
||||
DisableCache no
|
||||
|
||||
# In some cases (eg. complex malware, exploits in graphic files, and others),
|
||||
# ClamAV uses special algorithms to detect abnormal patterns and behaviors that
|
||||
# may be malicious. This option enables alerting on such heuristically
|
||||
# detected potential threats.
|
||||
# Default: yes
|
||||
HeuristicAlerts {{ clamav_clamd_heuristic_alert }}
|
||||
|
||||
# Allow heuristic alerts to take precedence.
|
||||
# When enabled, if a heuristic scan (such as phishingScan) detects
|
||||
# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
|
||||
# scan-time.
|
||||
# When disabled, virus/phish detected by heuristic scans will be reported only at
|
||||
# the end of a scan. If an archive contains both a heuristically detected
|
||||
# virus/phish, and a real malware, the real malware will be reported
|
||||
#
|
||||
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
|
||||
# differently from "real" malware.
|
||||
# If a non-heuristically-detected virus (signature-based) is found first,
|
||||
# the scan is interrupted immediately, regardless of this config option.
|
||||
#
|
||||
# Default: no
|
||||
HeuristicScanPrecedence {{ clamav_clamd_heuristic_has_precedence }}
|
||||
|
||||
##
|
||||
## Heuristic Alerts
|
||||
##
|
||||
|
||||
# With this option clamav will try to detect broken executables (both PE and
|
||||
# ELF) and alert on them with the Broken.Executable heuristic signature.
|
||||
# Default: no
|
||||
#AlertBrokenExecutables yes
|
||||
|
||||
# Alert on encrypted archives _and_ documents with heuristic signature (encrypted .zip, .7zip, .rar, .pdf).
|
||||
# Default: no
|
||||
#AlertEncrypted yes
|
||||
|
||||
# Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip, .rar).
|
||||
# Default: no
|
||||
#AlertEncryptedArchive yes
|
||||
|
||||
# Alert on encrypted archives with heuristic signature (encrypted .pdf).
|
||||
# Default: no
|
||||
#AlertEncryptedDoc yes
|
||||
|
||||
# With this option enabled OLE2 files containing VBA macros, which were not
|
||||
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
|
||||
# Default: no
|
||||
#AlertOLE2Macros yes
|
||||
|
||||
# Alert on SSL mismatches in URLs, even if the URL isn't in the database.
|
||||
# This can lead to false positives.
|
||||
# Default: no
|
||||
#AlertPhishingSSLMismatch yes
|
||||
|
||||
# Alert on cloaked URLs, even if URL isn't in database.
|
||||
# This can lead to false positives.
|
||||
# Default: no
|
||||
#AlertPhishingCloak yes
|
||||
|
||||
# Alert on raw DMG image files containing partition intersections
|
||||
# Default: no
|
||||
#AlertPartitionIntersection yes
|
||||
|
||||
##
|
||||
## Executable files
|
||||
##
|
||||
|
||||
# PE stands for Portable Executable - it's an executable file format used
|
||||
# in all 32 and 64-bit versions of Windows operating systems. This option
|
||||
# allows ClamAV to perform a deeper analysis of executable files and it's also
|
||||
# required for decompression of popular executable packers such as UPX, FSG,
|
||||
# and Petite. If you turn off this option, the original files will still be
|
||||
# scanned, but without additional processing.
|
||||
# Default: yes
|
||||
#ScanPE yes
|
||||
|
||||
# Certain PE files contain an authenticode signature. By default, we check
|
||||
# the signature chain in the PE file against a database of trusted and
|
||||
# revoked certificates if the file being scanned is marked as a virus.
|
||||
# If any certificate in the chain validates against any trusted root, but
|
||||
# does not match any revoked certificate, the file is marked as whitelisted.
|
||||
# If the file does match a revoked certificate, the file is marked as virus.
|
||||
# The following setting completely turns off authenticode verification.
|
||||
# Default: no
|
||||
#DisableCertCheck yes
|
||||
|
||||
# Executable and Linking Format is a standard format for UN*X executables.
|
||||
# This option allows you to control the scanning of ELF files.
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without additional processing.
|
||||
# Default: yes
|
||||
#ScanELF yes
|
||||
|
||||
{% if clamav_clamd_additional_doc_scanning %}
|
||||
##
|
||||
## Documents
|
||||
##
|
||||
|
||||
# This option enables scanning of OLE2 files, such as Microsoft Office
|
||||
# documents and .msi files.
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without additional processing.
|
||||
# Default: yes
|
||||
ScanOLE2 yes
|
||||
|
||||
# This option enables scanning within PDF files.
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without decoding and additional processing.
|
||||
# Default: yes
|
||||
ScanPDF yes
|
||||
|
||||
# This option enables scanning within SWF files.
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without decoding and additional processing.
|
||||
# Default: yes
|
||||
ScanSWF yes
|
||||
|
||||
# This option enables scanning xml-based document files supported by libclamav.
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without additional processing.
|
||||
# Default: yes
|
||||
ScanXMLDOCS yes
|
||||
|
||||
# This option enables scanning of HWP3 files.
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without additional processing.
|
||||
# Default: yes
|
||||
ScanHWP3 yes
|
||||
{% endif %}
|
||||
|
||||
##
|
||||
## Mail files
|
||||
##
|
||||
|
||||
# Enable internal e-mail scanner.
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without parsing individual messages/attachments.
|
||||
# Default: yes
|
||||
ScanMail {{ clamav_clamd_email_scan }}
|
||||
|
||||
# Scan RFC1341 messages split over many emails.
|
||||
# You will need to periodically clean up $TemporaryDirectory/clamav-partial
|
||||
# directory.
|
||||
# WARNING: This option may open your system to a DoS attack.
|
||||
# Never use it on loaded servers.
|
||||
# Default: no
|
||||
ScanPartialMessages yes
|
||||
|
||||
# With this option enabled ClamAV will try to detect phishing attempts by using
|
||||
# HTML.Phishing and Email.Phishing NDB signatures.
|
||||
# Default: yes
|
||||
PhishingSignatures yes
|
||||
|
||||
# With this option enabled ClamAV will try to detect phishing attempts by
|
||||
# analyzing URLs found in emails using WDB and PDB signature databases.
|
||||
# Default: yes
|
||||
PhishingScanURLs yes
|
||||
|
||||
##
|
||||
## Data Loss Prevention (DLP)
|
||||
##
|
||||
|
||||
# Enable the DLP module
|
||||
# Default: No
|
||||
#StructuredDataDetection yes
|
||||
|
||||
# This option sets the lowest number of Credit Card numbers found in a file
|
||||
# to generate a detect.
|
||||
# Default: 3
|
||||
#StructuredMinCreditCardCount 5
|
||||
|
||||
# This option sets the lowest number of Social Security Numbers found
|
||||
# in a file to generate a detect.
|
||||
# Default: 3
|
||||
#StructuredMinSSNCount 5
|
||||
|
||||
# With this option enabled the DLP module will search for valid
|
||||
# SSNs formatted as xxx-yy-zzzz
|
||||
# Default: yes
|
||||
#StructuredSSNFormatNormal yes
|
||||
|
||||
# With this option enabled the DLP module will search for valid
|
||||
# SSNs formatted as xxxyyzzzz
|
||||
# Default: no
|
||||
#StructuredSSNFormatStripped yes
|
||||
|
||||
##
|
||||
## HTML
|
||||
##
|
||||
|
||||
# Perform HTML normalisation and decryption of MS Script Encoder code.
|
||||
# Default: yes
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without additional processing.
|
||||
ScanHTML {{ clamav_clamd_html_scan }}
|
||||
|
||||
##
|
||||
## Archives
|
||||
##
|
||||
|
||||
# ClamAV can scan within archives and compressed files.
|
||||
# If you turn off this option, the original files will still be scanned, but
|
||||
# without unpacking and additional processing.
|
||||
# Default: yes
|
||||
ScanArchive {{ clamav_clamd_archives_scan }}
|
||||
|
||||
##
|
||||
## Limits
|
||||
##
|
||||
|
||||
# The options below protect your system against Denial of Service attacks
|
||||
# using archive bombs.
|
||||
|
||||
# This option sets the maximum amount of time to a scan may take.
|
||||
# In this version, this field only affects the scan time of ZIP archives.
|
||||
# Value of 0 disables the limit
|
||||
# Note: disabling this limit or setting it too high may result allow scanning
|
||||
# of certain files to lock up the scanning process/threads resulting in a Denial
|
||||
# of Service.
|
||||
# Time is in milliseconds.
|
||||
# Default: 120000
|
||||
MaxScanTime {{ clamav_clamd_max_scan_time }}
|
||||
|
||||
# This option sets the maximum amount of data to be scanned for each input
|
||||
# file.
|
||||
# Archives and other containers are recursively extracted and scanned up to
|
||||
# this value.
|
||||
# Value of 0 disables the limit
|
||||
# Note: disabling this limit or setting it too high may result in severe damage
|
||||
# to the system.
|
||||
# Default: 100M
|
||||
MaxScanSize {{ clamav_clamd_stream_max_lenght }}M
|
||||
|
||||
# Files larger than this limit won't be scanned. Affects the input file itself
|
||||
# as well as files contained inside it (when the input file is an archive, a
|
||||
# document or some other kind of container).
|
||||
# Value of 0 disables the limit.
|
||||
# Note: disabling this limit or setting it too high may result in severe damage
|
||||
# to the system.
|
||||
# Default: 25M
|
||||
#MaxFileSize 30M
|
||||
|
||||
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
|
||||
# file, all files within it will also be scanned. This options specifies how
|
||||
# deeply the process should be continued.
|
||||
# Note: setting this limit too high may result in severe damage to the system.
|
||||
# Default: 16
|
||||
MaxRecursion 10
|
||||
|
||||
# Number of files to be scanned within an archive, a document, or any other
|
||||
# container file.
|
||||
# Value of 0 disables the limit.
|
||||
# Note: disabling this limit or setting it too high may result in severe damage
|
||||
# to the system.
|
||||
# Default: 10000
|
||||
#MaxFiles 15000
|
||||
|
||||
# Maximum size of a file to check for embedded PE. Files larger than this value
|
||||
# will skip the additional analysis step.
|
||||
# Note: disabling this limit or setting it too high may result in severe damage
|
||||
# to the system.
|
||||
# Default: 10M
|
||||
#MaxEmbeddedPE 10M
|
||||
|
||||
# Maximum size of a HTML file to normalize. HTML files larger than this value
|
||||
# will not be normalized or scanned.
|
||||
# Note: disabling this limit or setting it too high may result in severe damage
|
||||
# to the system.
|
||||
# Default: 10M
|
||||
#MaxHTMLNormalize 10M
|
||||
|
||||
# Maximum size of a normalized HTML file to scan. HTML files larger than this
|
||||
# value after normalization will not be scanned.
|
||||
# Note: disabling this limit or setting it too high may result in severe damage
|
||||
# to the system.
|
||||
# Default: 2M
|
||||
#MaxHTMLNoTags 2M
|
||||
|
||||
# Maximum size of a script file to normalize. Script content larger than this
|
||||
# value will not be normalized or scanned.
|
||||
# Note: disabling this limit or setting it too high may result in severe damage
|
||||
# to the system.
|
||||
# Default: 5M
|
||||
#MaxScriptNormalize 5M
|
||||
|
||||
# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
|
||||
# than this value will skip the step to potentially reanalyze as PE.
|
||||
# Note: disabling this limit or setting it too high may result in severe damage
|
||||
# to the system.
|
||||
# Default: 1M
|
||||
#MaxZipTypeRcg 1M
|
||||
|
||||
# This option sets the maximum number of partitions of a raw disk image to be
|
||||
# scanned.
|
||||
# Raw disk images with more partitions than this value will have up to
|
||||
# the value number partitions scanned. Negative values are not allowed.
|
||||
# Note: setting this limit too high may result in severe damage or impact
|
||||
# performance.
|
||||
# Default: 50
|
||||
#MaxPartitions 128
|
||||
|
||||
# This option sets the maximum number of icons within a PE to be scanned.
|
||||
# PE files with more icons than this value will have up to the value number
|
||||
# icons scanned.
|
||||
# Negative values are not allowed.
|
||||
# WARNING: setting this limit too high may result in severe damage or impact
|
||||
# performance.
|
||||
# Default: 100
|
||||
#MaxIconsPE 200
|
||||
|
||||
# This option sets the maximum recursive calls for HWP3 parsing during
|
||||
# scanning. HWP3 files using more than this limit will be terminated and
|
||||
# alert the user.
|
||||
# Scans will be unable to scan any HWP3 attachments if the recursive limit
|
||||
# is reached.
|
||||
# Negative values are not allowed.
|
||||
# WARNING: setting this limit too high may result in severe damage or impact
|
||||
# performance.
|
||||
# Default: 16
|
||||
#MaxRecHWP3 16
|
||||
|
||||
# This option sets the maximum calls to the PCRE match function during
|
||||
# an instance of regex matching.
|
||||
# Instances using more than this limit will be terminated and alert the user
|
||||
# but the scan will continue.
|
||||
# For more information on match_limit, see the PCRE documentation.
|
||||
# Negative values are not allowed.
|
||||
# WARNING: setting this limit too high may severely impact performance.
|
||||
# Default: 100000
|
||||
#PCREMatchLimit 20000
|
||||
|
||||
# This option sets the maximum recursive calls to the PCRE match function
|
||||
# during an instance of regex matching.
|
||||
# Instances using more than this limit will be terminated and alert the user
|
||||
# but the scan will continue.
|
||||
# For more information on match_limit_recursion, see the PCRE documentation.
|
||||
# Negative values are not allowed and values > PCREMatchLimit are superfluous.
|
||||
# WARNING: setting this limit too high may severely impact performance.
|
||||
# Default: 2000
|
||||
#PCRERecMatchLimit 10000
|
||||
|
||||
# This option sets the maximum filesize for which PCRE subsigs will be
|
||||
# executed. Files exceeding this limit will not have PCRE subsigs executed
|
||||
# unless a subsig is encompassed to a smaller buffer.
|
||||
# Negative values are not allowed.
|
||||
# Setting this value to zero disables the limit.
|
||||
# WARNING: setting this limit too high or disabling it may severely impact
|
||||
# performance.
|
||||
# Default: 25M
|
||||
#PCREMaxFileSize 100M
|
||||
|
||||
# When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
|
||||
# MaxRecursion limit will be flagged with the virus
|
||||
# "Heuristics.Limits.Exceeded".
|
||||
# Default: no
|
||||
AlertExceedsMax yes
|
||||
|
||||
##
|
||||
## On-access Scan Settings
|
||||
##
|
||||
|
||||
# Enable on-access scanning. Currently, this is supported via fanotify.
|
||||
# Clamuko/Dazuko support has been deprecated.
|
||||
# Default: no
|
||||
#ScanOnAccess yes
|
||||
|
||||
# Set the mount point to be scanned. The mount point specified, or the mount
|
||||
# point containing the specified directory will be watched. If any directories
|
||||
# are specified, this option will preempt the DDD system. This will notify
|
||||
# only. It can be used multiple times.
|
||||
# (On-access scan only)
|
||||
# Default: disabled
|
||||
#OnAccessMountPath /
|
||||
#OnAccessMountPath /home/user
|
||||
|
||||
# Don't scan files larger than OnAccessMaxFileSize
|
||||
# Value of 0 disables the limit.
|
||||
# Default: 5M
|
||||
#OnAccessMaxFileSize 10M
|
||||
|
||||
# Set the include paths (all files inside them will be scanned). You can have
|
||||
# multiple OnAccessIncludePath directives but each directory must be added
|
||||
# in a separate line. (On-access scan only)
|
||||
# Default: disabled
|
||||
#OnAccessIncludePath /home
|
||||
#OnAccessIncludePath /students
|
||||
|
||||
# Set the exclude paths. All subdirectories are also excluded.
|
||||
# (On-access scan only)
|
||||
# Default: disabled
|
||||
#OnAccessExcludePath /home/bofh
|
||||
|
||||
# With this option you can whitelist the root UID (0). Processes run under
|
||||
# root with be able to access all files without triggering scans or
|
||||
# permission denied events.
|
||||
# Note that if clamd cannot check the uid of the process that generated an
|
||||
# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
|
||||
# the process already exited), clamd will perform a scan. Thus, setting
|
||||
# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
|
||||
# root user from triggering a scan (unless OnAccessPrevention is enabled).
|
||||
# Default: no
|
||||
#OnAccessExcludeRootUID no
|
||||
|
||||
# With this option you can whitelist specific UIDs. Processes with these UIDs
|
||||
# will be able to access all files without triggering scans or permission
|
||||
# denied events.
|
||||
# This option can be used multiple times (one per line).
|
||||
# Using a value of 0 on any line will disable this option entirely.
|
||||
# To whitelist the root UID (0) please enable the OnAccessExcludeRootUID
|
||||
# option.
|
||||
# Also note that if clamd cannot check the uid of the process that generated an
|
||||
# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
|
||||
# the process already exited), clamd will perform a scan. Thus, setting
|
||||
# OnAccessExcludeUID is not *guaranteed* to prevent every access by the
|
||||
# specified uid from triggering a scan (unless OnAccessPrevention is enabled).
|
||||
# Default: disabled
|
||||
#OnAccessExcludeUID -1
|
||||
|
||||
# Toggles dynamic directory determination. Allows for recursively watching
|
||||
# include paths.
|
||||
# (On-access scan only)
|
||||
# Default: no
|
||||
#OnAccessDisableDDD yes
|
||||
|
||||
# Modifies fanotify blocking behaviour when handling permission events.
|
||||
# If off, fanotify will only notify if the file scanned is a virus,
|
||||
# and not perform any blocking.
|
||||
# (On-access scan only)
|
||||
# Default: no
|
||||
#OnAccessPrevention yes
|
||||
|
||||
# Toggles extra scanning and notifications when a file or directory is
|
||||
# created or moved.
|
||||
# Requires the DDD system to kick-off extra scans.
|
||||
# NOTE: This feature is disabled until a thread resource leak bug
|
||||
# in the OnAccessExtraScanning code can be resolved.
|
||||
# (On-access scan only)
|
||||
# Default: no
|
||||
#OnAccessExtraScanning yes
|
||||
|
||||
##
|
||||
## Bytecode
|
||||
##
|
||||
|
||||
# With this option enabled ClamAV will load bytecode from the database.
|
||||
# It is highly recommended you keep this option on, otherwise you'll miss
|
||||
# detections for many new viruses.
|
||||
# Default: yes
|
||||
Bytecode yes
|
||||
|
||||
# Set bytecode security level.
|
||||
# Possible values:
|
||||
# None - No security at all, meant for debugging.
|
||||
# DO NOT USE THIS ON PRODUCTION SYSTEMS.
|
||||
# This value is only available if clamav was built
|
||||
# with --enable-debug!
|
||||
# TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert
|
||||
# runtime safety checks for bytecode loaded from other sources.
|
||||
# Paranoid - Don't trust any bytecode, insert runtime checks for all.
|
||||
# Recommended: TrustSigned, because bytecode in .cvd files already has these
|
||||
# checks.
|
||||
# Note that by default only signed bytecode is loaded, currently you can only
|
||||
# load unsigned bytecode in --enable-debug mode.
|
||||
#
|
||||
# Default: TrustSigned
|
||||
BytecodeSecurity {{ clamav_clamd_bytecode_security }}
|
||||
|
||||
# Set bytecode timeout in milliseconds.
|
||||
#
|
||||
# Default: 5000
|
||||
# BytecodeTimeout 1000
|
||||
|
||||
##
|
||||
## Statistics gathering and submitting
|
||||
##
|
|
@ -0,0 +1,69 @@
|
|||
# This file contains user configuration settings for clamav-unofficial-sigs.sh
|
||||
###################
|
||||
# This is property of eXtremeSHOK.com
|
||||
# You are free to use, modify and distribute, however you may not remove this notice.
|
||||
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
|
||||
# License: BSD (Berkeley Software Distribution)
|
||||
##################
|
||||
#
|
||||
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
|
||||
#
|
||||
##################
|
||||
#
|
||||
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
|
||||
#
|
||||
################################################################################
|
||||
# SEE MASTER.CONF FOR CONFIG EXPLANATIONS
|
||||
################################################################################
|
||||
|
||||
# Values in this file will always override those in the master.conf and os.conf files.
|
||||
# This is useful to specify your authorisation/receipt codes and to always force certain options.
|
||||
# Please note, it is your responsibility to manage the contents of this file.
|
||||
# Values provided here are just examples, feel free to use any values from the main config file.
|
||||
|
||||
#malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER"
|
||||
#malwarepatrol_product_code="8"
|
||||
#malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
|
||||
#malwarepatrol_free="yes"
|
||||
|
||||
#securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
|
||||
|
||||
# Default dbs rating (Default: MEDIUM)
|
||||
# valid rating: LOW, MEDIUM, HIGH
|
||||
#default_dbs_rating="HIGH"
|
||||
|
||||
# Per Database
|
||||
# These ratings will override the global rating for the specific database
|
||||
# valid rating: LOW, MEDIUM, HIGH, DISABLE
|
||||
#sanesecurity_dbs_rating="HIGH"
|
||||
#securiteinfo_dbs_rating="HIGH"
|
||||
#linuxmalwaredetect_dbs_rating="HIGH"
|
||||
#yararulesproject_dbs_rating="HIGH"
|
||||
|
||||
# =========================
|
||||
# Additional signature databases
|
||||
# =========================
|
||||
#declare -a additional_dbs=(
|
||||
# ftp://ftp.example.net/pub/sigs.ndb
|
||||
# http://www.example.org/sigs.ldb
|
||||
#) #END ADDITIONAL DATABASES
|
||||
|
||||
# Uncomment the following line to enable the script
|
||||
user_configuration_complete="yes"
|
||||
|
||||
{% if clamav_additional_signatures_use_proxy %}
|
||||
# Proxy Support
|
||||
# If necessary to proxy database downloads, define the rsync, curl, wget, dig, hosr proxy settings here.
|
||||
#rsync_proxy="username:password@proxy_host:proxy_port"
|
||||
{% if clamav_additional_signatures_use_proxy_auth %}
|
||||
curl_proxy="--proxy http://{{ clamav_additional_signatures_proxy_user }}:{{ clamav_additional_signatures_proxy_pwd }}@{{ clamav_additional_signatures_proxy_host }}:{{ clamav_additional_signatures_proxy_port }}"
|
||||
wget_proxy="-e http_proxy=http://{{ clamav_additional_signatures_proxy_user }}:{{ clamav_additional_signatures_proxy_pwd }}@{{ clamav_additional_signatures_proxy_host }}:{{ clamav_additional_signatures_proxy_port }} -e https_proxy=https://{{ clamav_additional_signatures_proxy_user }}:{{ clamav_additional_signatures_proxy_pwd }}@{{ clamav_additional_signatures_proxy_host }}:{{ clamav_additional_signatures_proxy_port }}"
|
||||
{% else %}
|
||||
curl_proxy="--proxy http://{{ clamav_additional_signatures_proxy_host }}:{{ clamav_additional_signatures_proxy_port }}"
|
||||
wget_proxy="-e http_proxy=http://{{ clamav_additional_signatures_proxy_host }}:{{ clamav_additional_signatures_proxy_port }} -e https_proxy=https://{{ clamav_additional_signatures_proxy_host }}:{{ clamav_additional_signatures_proxy_port }}"
|
||||
{% endif %}
|
||||
#dig_proxy="@proxy_host -p proxy_host:proxy_port"
|
||||
#host_proxy="@proxy_host" #does not support port
|
||||
{% endif %}
|
||||
|
||||
# https://eXtremeSHOK.com ######################################################
|
Loading…
Reference in New Issue