<?xml version="1.0" encoding="UTF-8"?>
<!-- Only three options are mandatory:
<clamd socket="" />
<filesystem root="" />
<filesystem mountpoint="" />
All others can be removed, but doing so disables the related subsystem.
For example, removing <cache ... /> disables caching completely. -->
<clamfs>
<!-- Clamd socket settings
     socket - location of clamd socket (may vary between operating systems)
              For Debian GNU/Linux it is /var/run/clamav/clamd.ctl, on
              FreeBSD use /var/run/clamav/clamd.sock.
     mode   - three different modes are available to pass files to clamd
       mode="fname"  - pass file name (with SCAN command)
              clamd opens and reads the file by itself, so permissions have
              to be set to allow clamd to access the file; this mode works
              only when clamd and ClamFS are on the same machine and both
              have access to the files; might require permissions or ACLs
              setup for the clamd user. Keep any access granted to the clamd
              user as narrow as the scanned tree allows.
       mode="fdpass" - pass file descriptor (with FILDES command)
              ClamFS opens the file and passes the file descriptor to clamd
              over the UNIX domain socket; clamd reads the file by itself;
              this mode works only when clamd and ClamFS are on the same
              machine and the operating system supports file descriptor
              sharing; this is the default
       mode="stream" - pass file stream (with INSTREAM command)
              ClamFS opens and reads the file and sends it to clamd over the
              UNIX domain or TCP/IP socket; this works for local and remote
              clamd; for a local clamd instance fdpass is preferred.
              NOTE(review): with a remote clamd the file contents cross the
              network; confirm that path is trusted before using this mode.
     check  - (yes or no) check if clamd is available on startup (useful if
              mounting clamfs file systems from /etc/fstab early on startup,
              while clamav daemon is not yet started).
              NOTE(review): presumably check="no" is the setting meant for
              that early-mount case; confirm what ClamFS does when the check
              fails. -->
<clamd socket="/var/run/clamav/clamd.ctl" mode="fdpass" check="yes" />
<!-- File system settings
     root       - real directory to attach as our root
     mountpoint - where to attach our root
     readonly   - (yes or no) mount filesystem in read-only mode
     public     - (yes or no) limit access to process owner only or make
                  file system publicly available for all users
     nonempty   - (yes or no) allow mount to directory which contains
                  files or sub-directories
     This example sets public="yes", which by the description above makes
     the mount available to all users; readonly and nonempty are not set.
     NOTE(review): files opened directly under root (here /tmp) instead of
     through the mountpoint presumably are not scanned; confirm, and limit
     direct access to the root directory if scanning must not be bypassed. -->
<filesystem root="/tmp" mountpoint="/clamfs/tmp" public="yes" />
<!-- Maximal file size (in bytes).
     Files larger than this limit are never scanned, which can speed up
     access to large files. On the other hand, an attacker can append a long
     run of junk to the end of a file to make it big enough to be skipped,
     so choose the limit with that trade-off in mind.
     Extensions listed in <blacklist> are scanned regardless of size. -->
<file maximal-size="67108864" /> <!-- 64 MiB (64 * 1024 * 1024 bytes) -->
<!-- Whitelisted files are never scanned.
     This can speed up access to some files, but be careful with it: some
     data files like JPEG, RIFF or WMF can be crafted to cause problems
     (like buffer overflows) in applications and thus execute malicious code
     even though they are not executable themselves. Finally, even text files
     can carry a "modeline" that causes problems in some buggy editors.
     Entries below match on file extension only, so any file carrying one of
     these extensions is skipped whatever its content; keep the list as short
     as the workload allows. -->
<whitelist>
<exclude extension="dat" /> <!-- from ClamWin -->
<exclude extension="dbx" /> <!-- from ClamWin -->
<exclude extension="log" /> <!-- from ClamWin -->
<exclude extension="nsf" /> <!-- from ClamWin -->
<exclude extension="ntf" /> <!-- from ClamWin -->
<exclude extension="pst" /> <!-- from ClamWin -->
<exclude extension="tbb" /> <!-- from ClamWin -->
</whitelist>
<!-- Blacklisted files are scanned regardless of their size, i.e. the
     <file maximal-size="..." /> limit does not exempt them. Entries match on
     file extension; the list below covers Windows executable, installer and
     script formats. -->
<blacklist>
<include extension="ade" /> <!-- Access project extension file -->
<include extension="adp" /> <!-- Access project file -->
<include extension="asx" /> <!-- ASF redirector or ActiveSite script -->
<include extension="bas" /> <!-- Visual Basic class module file -->
<include extension="bat" /> <!-- DOS batch file -->
<include extension="chm" /> <!-- HTML Help, compiled help file -->
<include extension="cmd" /> <!-- Windows command file -->
<include extension="com" /> <!-- Executable file -->
<include extension="cpl" /> <!-- Windows control panel file -->
<include extension="crt" /> <!-- Certificate file -->
<include extension="dll" /> <!-- Dynamic-link library file -->
<include extension="exe" /> <!-- Executable file -->
<include extension="hlp" /> <!-- Microsoft Help file -->
<include extension="hta" /> <!-- HTML Application -->
<include extension="inf" /> <!-- Windows information or setup file -->
<include extension="ins" /> <!-- Install script file -->
<include extension="isp" /> <!-- Internet Service Provider settings -->
<include extension="jse" /> <!-- JScript Encoded script file -->
<include extension="js" /> <!-- JavaScript file -->
<include extension="lnk" /> <!-- Windows shortcut file -->
<include extension="mda" /> <!-- Access add-in (VBA script) file -->
<include extension="mdz" /> <!-- Access Wizard template file -->
<include extension="msc" /> <!-- Microsoft Management Console file -->
<include extension="msi" /> <!-- Windows Installer file -->
<include extension="msp" /> <!-- Windows Installer patch file -->
<include extension="mst" /> <!-- Windows SDK Setup Transform Script -->
<include extension="pcd" /> <!-- Visual Test P-Code Compiled Script -->
<include extension="pif" /> <!-- Windows program information file -->
<include extension="reg" /> <!-- Windows registry data file -->
<include extension="scr" /> <!-- Windows screensaver file -->
<include extension="sct" /> <!-- Windows Script Component file -->
<include extension="shs" /> <!-- Shell Scrap object file -->
<include extension="sys" /> <!-- System file (driver) -->
<include extension="url" /> <!-- Internet Location (URL) file -->
<include extension="vbe" /> <!-- VBScript Encoded script file -->
<include extension="vbs" /> <!-- Visual Basic script file -->
<include extension="vb" /> <!-- Visual Basic script file -->
<include extension="wsc" /> <!-- Windows scripting component file -->
<include extension="wsf" /> <!-- Windows scripting file -->
<include extension="wsh" /> <!-- Windows Scripting Host file -->
</blacklist>
<!-- How many entries to keep in cache and for how long.
     entries - number of cache entries to keep
     expire  - lifetime of an entry, in milliseconds
     NOTE(review): presumably the cache holds scan results; confirm whether
     an entry is invalidated when the file changes or when clamd loads new
     signatures, since otherwise an earlier verdict could be reused for up
     to the expire time. -->
<cache entries="65536" expire="10800000" /> <!-- time in ms, 3h -->
<!-- The statistics module keeps track of filesystem and memory usage.
     The "every" interval is given in seconds. -->
<stats memory="no" atexit="yes" every="3600" /> <!-- time in sec, 1h -->
<!-- Logging method (stdout, syslog or file).
     Only the syslog variant is active in this file; the commented-out lines
     before and after it show the stdout and file alternatives. -->
<!-- <log method="stdout" verbose="yes" /> -->
<log method="syslog" />
<!-- <log method="file" filename="/var/log/clamfs.log" verbose="no" /> -->
<!-- Send mail when virus is found -->
<!-- <mail server="localhost" to="root@localhost" from="clamfs@localhost"
subject="ClamFS: Virus detected" /> -->
<!-- subject="ClamFS: Virus detected on @@HOSTNAME@@" /> -->
<!-- Debug settings -->
<!-- <debug threads="no" fork="no" /> -->
</clamfs>