[packages/apache-mod_clamav.git] / apache-mod_clamav.conf

# $Id$
LoadModule clamav_module    lib/apache/mod_clamav.so

#
# Here is a configuration for an Apache proxy that scans everything except some 
# image types for viruses, using the database files in /var/lib/clamav 
# While downloading files, mod_clamav will write a copy of the file it will later 
# scan for viruses in /tmp/clamav.

# ClamavTmpdir    /tmp/clamav
# ClamavDbdir     /var/lib/clamav
# ClamavSafetypes image/gif image/jpeg image/png
#
# <Proxy *>
#   SetOutputFilter CLAMAV
# </Proxy>
#
# The status page can be enabled with the Location
#
# <Location /clamav>
#    SetHandler clamav
#    Order deny,allow
#    Deny from all
#    Allow from 127.0.0.1
# </Location>
#
# Please note that not restricting access to this location may reveal 
# sensitive information.


###############################################################################
# Reference
###############################################################################
#
# All the available directives are described below

#
# ClamavMode
#
# Syntax: ClamavMode local | daemon
# Default: ClamavMode local
# Context: server config, virtual host, directory
#
# If the module is supposed to use the clamav library directly, 
# use local mode. In daemon mode, the module queries a remote clamd 
# (on the same machine, of course) for virus checking. 
# The connection to the daemon must be configured using the ClamavSocket 
# or ClamavPort directives

#
# ClamavSocket
#
# Syntax: ClamavSocket unix-domain-socket
# Default: none
# Context: server config, virtual host, directory
# 
# Specifies the path where the Clamav daemon clamd is listening. If this 
# directive is not set, the daemon mode of the module assumes 
# a TCP connection to the Clamav daemon.

#
# ClamavPort
#
# Syntax: ClamavPort port
# Default: none
# Context: server config, virtual host, directory
# 
# Specifies the port number on which the clamav daemon is listening. 
# Not that this directive only has any effect if ClamavSocket is not specified.

#
# ClamavTmpdir
#
# Syntax: ClamavTmpdir tmp-dir
# Default: ClamavTmpdir /tmp
# Context: server config, virtual host, directory
# 
# This directive defines the directory where temporary files should be stored 
# until the can be scanned for viruses.

#
# ClamavDbdir
#
# Syntax: ClamavDbdir virus-pattern-dir
# Default: same as that of your clamav installation
# Context: server config, virtual host, directory
# 
# This directive defines the directory from which virus patterns are loaded.

#
# ClamavReloadInterval
#
# Syntax: ClamavReloadInterval interval
# Default: 0
# Context: server config, virtual host, directory
# 
# The pattern database is reloaded if the last request is more then interval 
# seconds in the past. A value of 0 means that the pattern database is never 
# reloaded, to update patterns, the server must be gracefully restarted. 
# Reloading is only necessary in local mode, in daemon mode its the daemon's 
# business to keep the pattern matching engine up-to-date.

#
# ClamavTrickleInterval
#
# Syntax: ClamavTrickleInterval interval
# Default: ClamavTrickleInterval 60
# Context: server config, virtual host, directory
#
# This directive sets the interval at which a block (normaly one byte, but 
# configurable with the ClamavTrickleSize directive) of the incoming data 
# is sent to the browser to keep it happy. If your browsers are tolerant of 
# long delays, this value can be increased.
#
# Note that the trickle interval has a side effect that can affect your link 
# load considerably: only when the trickle is sent to the client will the 
# module be able to detect that the client has aborted the connection. 
# A long trickle interval means that the server will continue downloading 
# the file, although the client is no longer interested. This can fill up 
# you link with downloads still going on no user is interested in.
#
# Browsers behave quite differently with respect to timeouts. For some 
# browsers, a single byte is not good enough, so you will want to increase 
# the trickle size to a larger value. Download speeds below 1 byte/sec seem 
# to be a problem for browsers. Apple's Safari browser times out after 
# 60 seconds (Mozilla seems to be more patient), so you will have do make 
# the trickle interval smaller than 60. Note also that the trickle interval 
# is a minimum value, if a packet arrives from the remote server after that 
# interval, then a trickle block is sent to the browser client. 
# If no packets arrive from the remote server, no trickle blocks are sent 
# to client either.

#
# ClamavTrickleSize
#
# Syntax: ClamavTrickleSize size
# Default: ClamavTrickleSize 1
# Context: server config, virtual host, directory
# 
# This directive sets the size of the block sent after each trickle interval. 
# See the description of the ClamavTrickleInterval directive for details.

#
# ClamavMaxfiles
#
# Syntax: ClamavMaxfiles number-of-files
# Default: none
# Context: server config, virtual host, directory
#
# This directive sets the maxfiles limit variable in Clamav, please read the 
# Clamav for the exact implications of this.

#
# ClamavMaxfilesize
#
# Syntax: ClamavMaxfilesize filesize
# Default: none
# Context: server config, virtual host, directory
#
# This directive sets the maxfilesize limit variable in Clamav, please 
# read the Clamav documentation for the exact implications of this.

#
# ClamavRecursion
#
# Syntax: ClamavRecursion depth
# Default: none
# Context: server config, virtual host, directory
#
# This directive sets the recursion depth limit variable in Clamav, please 
# read the Clamav for the exact implications of this.

#
# ClamavSafetypes
#
# Syntax: ClamavSafetypes safe-mime-type ...
# Default: none
# Context: server config, virtual host, directory
#
# Use this directive to specify a list of mime types that can safely be bypassed.

#
# ClamavSizelimit
#
# Syntax: ClamavSize size
# Default: ClamavSizelimit 0
# Context: server config, virtual host, directory
#
# This directive sets the size of the largest part of a file that will be 
# checked. By default, its value is 0, meaning the a file is scanned in its 
# entirety. For a positive value, a chunk of at least size bytes 
# is downloaded and checked for viruses. If nothing is found, the rest of 
# the file is downloaded without checking. 

# vim: filetype=apache ts=4 sw=4 et
Commit	Line	Data
da9fa9f0	1	# $Id$
b466d7a4	2	LoadModule clamav_module lib/apache/mod_clamav.so
	3
	4	#
	5	# Here is a configuration for an Apache proxy that scans everything except some
	6	# image types for viruses, using the database files in /var/lib/clamav
	7	# While downloading files, mod_clamav will write a copy of the file it will later
	8	# scan for viruses in /tmp/clamav.
	9
	10	# ClamavTmpdir /tmp/clamav
	11	# ClamavDbdir /var/lib/clamav
	12	# ClamavSafetypes image/gif image/jpeg image/png
	13	#
	14	# <Proxy *>
	15	# SetOutputFilter CLAMAV
	16	# </Proxy>
	17	#
	18	# The status page can be enabled with the Location
	19	#
	20	# <Location /clamav>
	21	# SetHandler clamav
	22	# Order deny,allow
	23	# Deny from all
	24	# Allow from 127.0.0.1
	25	# </Location>
	26	#
	27	# Please note that not restricting access to this location may reveal
	28	# sensitive information.
	29
	30
	31	###############################################################################
	32	# Reference
	33	###############################################################################
	34	#
	35	# All the available directives are described below
	36
	37	#
	38	# ClamavMode
	39	#
	40	# Syntax: ClamavMode local \| daemon
	41	# Default: ClamavMode local
	42	# Context: server config, virtual host, directory
	43	#
	44	# If the module is supposed to use the clamav library directly,
	45	# use local mode. In daemon mode, the module queries a remote clamd
	46	# (on the same machine, of course) for virus checking.
	47	# The connection to the daemon must be configured using the ClamavSocket
	48	# or ClamavPort directives
	49
	50	#
	51	# ClamavSocket
	52	#
	53	# Syntax: ClamavSocket unix-domain-socket
	54	# Default: none
	55	# Context: server config, virtual host, directory
	56	#
	57	# Specifies the path where the Clamav daemon clamd is listening. If this
	58	# directive is not set, the daemon mode of the module assumes
	59	# a TCP connection to the Clamav daemon.
	60
	61	#
	62	# ClamavPort
	63	#
	64	# Syntax: ClamavPort port
	65	# Default: none
66	# Context: server config, virtual host, directory
67	#
68	# Specifies the port number on which the clamav daemon is listening.
69	# Not that this directive only has any effect if ClamavSocket is not specified.
70
71	#
72	# ClamavTmpdir
73	#
74	# Syntax: ClamavTmpdir tmp-dir
75	# Default: ClamavTmpdir /tmp
76	# Context: server config, virtual host, directory
77	#
78	# This directive defines the directory where temporary files should be stored
79	# until the can be scanned for viruses.
80
81	#
82	# ClamavDbdir
83	#
84	# Syntax: ClamavDbdir virus-pattern-dir
85	# Default: same as that of your clamav installation
86	# Context: server config, virtual host, directory
87	#
88	# This directive defines the directory from which virus patterns are loaded.
89
90	#
91	# ClamavReloadInterval
92	#
93	# Syntax: ClamavReloadInterval interval
94	# Default: 0
95	# Context: server config, virtual host, directory
96	#
97	# The pattern database is reloaded if the last request is more then interval
98	# seconds in the past. A value of 0 means that the pattern database is never
99	# reloaded, to update patterns, the server must be gracefully restarted.
100	# Reloading is only necessary in local mode, in daemon mode its the daemon's
101	# business to keep the pattern matching engine up-to-date.
102
103	#
104	# ClamavTrickleInterval
105	#
106	# Syntax: ClamavTrickleInterval interval
107	# Default: ClamavTrickleInterval 60
108	# Context: server config, virtual host, directory
109	#
110	# This directive sets the interval at which a block (normaly one byte, but
111	# configurable with the ClamavTrickleSize directive) of the incoming data
112	# is sent to the browser to keep it happy. If your browsers are tolerant of
113	# long delays, this value can be increased.
114	#
115	# Note that the trickle interval has a side effect that can affect your link
116	# load considerably: only when the trickle is sent to the client will the
117	# module be able to detect that the client has aborted the connection.
118	# A long trickle interval means that the server will continue downloading
119	# the file, although the client is no longer interested. This can fill up
120	# you link with downloads still going on no user is interested in.
121	#
122	# Browsers behave quite differently with respect to timeouts. For some
123	# browsers, a single byte is not good enough, so you will want to increase
124	# the trickle size to a larger value. Download speeds below 1 byte/sec seem
125	# to be a problem for browsers. Apple's Safari browser times out after
126	# 60 seconds (Mozilla seems to be more patient), so you will have do make
127	# the trickle interval smaller than 60. Note also that the trickle interval
128	# is a minimum value, if a packet arrives from the remote server after that
129	# interval, then a trickle block is sent to the browser client.
130	# If no packets arrive from the remote server, no trickle blocks are sent
131	# to client either.
132
133	#
134	# ClamavTrickleSize
135	#
136	# Syntax: ClamavTrickleSize size
137	# Default: ClamavTrickleSize 1
138	# Context: server config, virtual host, directory
139	#
140	# This directive sets the size of the block sent after each trickle interval.
141	# See the description of the ClamavTrickleInterval directive for details.
142
143	#
144	# ClamavMaxfiles
145	#
146	# Syntax: ClamavMaxfiles number-of-files
147	# Default: none
148	# Context: server config, virtual host, directory
149	#
150	# This directive sets the maxfiles limit variable in Clamav, please read the
151	# Clamav for the exact implications of this.
152
153	#
154	# ClamavMaxfilesize
155	#
156	# Syntax: ClamavMaxfilesize filesize
157	# Default: none
158	# Context: server config, virtual host, directory
159	#
160	# This directive sets the maxfilesize limit variable in Clamav, please
161	# read the Clamav documentation for the exact implications of this.
162
163	#
164	# ClamavRecursion
165	#
166	# Syntax: ClamavRecursion depth
167	# Default: none
168	# Context: server config, virtual host, directory
169	#
170	# This directive sets the recursion depth limit variable in Clamav, please
171	# read the Clamav for the exact implications of this.
172
173	#
174	# ClamavSafetypes
175	#
176	# Syntax: ClamavSafetypes safe-mime-type ...
177	# Default: none
178	# Context: server config, virtual host, directory
179	#
180	# Use this directive to specify a list of mime types that can safely be bypassed.
181
182	#
183	# ClamavSizelimit
184	#
185	# Syntax: ClamavSize size
186	# Default: ClamavSizelimit 0
187	# Context: server config, virtual host, directory
188	#
189	# This directive sets the size of the largest part of a file that will be
190	# checked. By default, its value is 0, meaning the a file is scanned in its
191	# entirety. For a positive value, a chunk of at least size bytes
192	# is downloaded and checked for viruses. If nothing is found, the rest of
193	# the file is downloaded without checking.
194
da9fa9f0	195	# vim: filetype=apache ts=4 sw=4 et