[packages/apache-mod_clamav.git] / apache-mod_clamav.conf

LoadModule clamav_module    lib/apache/mod_clamav.so

#
# Here is a configuration for an Apache proxy that scans everything except some 
# image types for viruses, using the database files in /var/lib/clamav 
# While downloading files, mod_clamav will write a copy of the file it will later 
# scan for viruses in /tmp/clamav.

# ClamavTmpdir    /tmp/clamav
# ClamavDbdir     /var/lib/clamav
# ClamavSafetypes image/gif image/jpeg image/png
#
# <Proxy *>
#   SetOutputFilter CLAMAV
# </Proxy>
#
# The status page can be enabled with the Location
#
# <Location /clamav>
#    SetHandler clamav
#    Require all denied
#    Require local
# </Location>
#
# Please note that not restricting access to this location may reveal 
# sensitive information.


###############################################################################
# Reference
###############################################################################
#
# All the available directives are described below

#
# ClamavMode
#
# Syntax: ClamavMode local | daemon
# Default: ClamavMode local
# Context: server config, virtual host, directory
#
# If the module is supposed to use the clamav library directly, 
# use local mode. In daemon mode, the module queries a remote clamd 
# (on the same machine, of course) for virus checking. 
# The connection to the daemon must be configured using the ClamavSocket 
# or ClamavPort directives

#
# ClamavSocket
#
# Syntax: ClamavSocket unix-domain-socket
# Default: none
# Context: server config, virtual host, directory
# 
# Specifies the path where the Clamav daemon clamd is listening. If this 
# directive is not set, the daemon mode of the module assumes 
# a TCP connection to the Clamav daemon.

#
# ClamavPort
#
# Syntax: ClamavPort port
# Default: none
# Context: server config, virtual host, directory
# 
# Specifies the port number on which the clamav daemon is listening. 
# Not that this directive only has any effect if ClamavSocket is not specified.

#
# ClamavTmpdir
#
# Syntax: ClamavTmpdir tmp-dir
# Default: ClamavTmpdir /tmp
# Context: server config, virtual host, directory
# 
# This directive defines the directory where temporary files should be stored 
# until the can be scanned for viruses.

#
# ClamavDbdir
#
# Syntax: ClamavDbdir virus-pattern-dir
# Default: same as that of your clamav installation
# Context: server config, virtual host, directory
# 
# This directive defines the directory from which virus patterns are loaded.

#
# ClamavReloadInterval
#
# Syntax: ClamavReloadInterval interval
# Default: 0
# Context: server config, virtual host, directory
# 
# The pattern database is reloaded if the last request is more then interval 
# seconds in the past. A value of 0 means that the pattern database is never 
# reloaded, to update patterns, the server must be gracefully restarted. 
# Reloading is only necessary in local mode, in daemon mode its the daemon's 
# business to keep the pattern matching engine up-to-date.

#
# ClamavTrickleInterval
#
# Syntax: ClamavTrickleInterval interval
# Default: ClamavTrickleInterval 60
# Context: server config, virtual host, directory
#
# This directive sets the interval at which a block (normaly one byte, but 
# configurable with the ClamavTrickleSize directive) of the incoming data 
# is sent to the browser to keep it happy. If your browsers are tolerant of 
# long delays, this value can be increased.
#
# Note that the trickle interval has a side effect that can affect your link 
# load considerably: only when the trickle is sent to the client will the 
# module be able to detect that the client has aborted the connection. 
# A long trickle interval means that the server will continue downloading 
# the file, although the client is no longer interested. This can fill up 
# you link with downloads still going on no user is interested in.
#
# Browsers behave quite differently with respect to timeouts. For some 
# browsers, a single byte is not good enough, so you will want to increase 
# the trickle size to a larger value. Download speeds below 1 byte/sec seem 
# to be a problem for browsers. Apple's Safari browser times out after 
# 60 seconds (Mozilla seems to be more patient), so you will have do make 
# the trickle interval smaller than 60. Note also that the trickle interval 
# is a minimum value, if a packet arrives from the remote server after that 
# interval, then a trickle block is sent to the browser client. 
# If no packets arrive from the remote server, no trickle blocks are sent 
# to client either.

#
# ClamavTrickleSize
#
# Syntax: ClamavTrickleSize size
# Default: ClamavTrickleSize 1
# Context: server config, virtual host, directory
# 
# This directive sets the size of the block sent after each trickle interval. 
# See the description of the ClamavTrickleInterval directive for details.

#
# ClamavMaxfiles
#
# Syntax: ClamavMaxfiles number-of-files
# Default: none
# Context: server config, virtual host, directory
#
# This directive sets the maxfiles limit variable in Clamav, please read the 
# Clamav for the exact implications of this.

#
# ClamavMaxfilesize
#
# Syntax: ClamavMaxfilesize filesize
# Default: none
# Context: server config, virtual host, directory
#
# This directive sets the maxfilesize limit variable in Clamav, please 
# read the Clamav documentation for the exact implications of this.

#
# ClamavRecursion
#
# Syntax: ClamavRecursion depth
# Default: none
# Context: server config, virtual host, directory
#
# This directive sets the recursion depth limit variable in Clamav, please 
# read the Clamav for the exact implications of this.

#
# ClamavSafetypes
#
# Syntax: ClamavSafetypes safe-mime-type ...
# Default: none
# Context: server config, virtual host, directory
#
# Use this directive to specify a list of mime types that can safely be bypassed.

#
# ClamavSizelimit
#
# Syntax: ClamavSize size
# Default: ClamavSizelimit 0
# Context: server config, virtual host, directory
#
# This directive sets the size of the largest part of a file that will be 
# checked. By default, its value is 0, meaning the a file is scanned in its 
# entirety. For a positive value, a chunk of at least size bytes 
# is downloaded and checked for viruses. If nothing is found, the rest of 
# the file is downloaded without checking. 

# vim: filetype=apache ts=4 sw=4 et
Commit	Line	Data
b466d7a4	1	LoadModule clamav_module lib/apache/mod_clamav.so
	2
	3	#
	4	# Here is a configuration for an Apache proxy that scans everything except some
	5	# image types for viruses, using the database files in /var/lib/clamav
	6	# While downloading files, mod_clamav will write a copy of the file it will later
	7	# scan for viruses in /tmp/clamav.
	8
	9	# ClamavTmpdir /tmp/clamav
	10	# ClamavDbdir /var/lib/clamav
	11	# ClamavSafetypes image/gif image/jpeg image/png
	12	#
	13	# <Proxy *>
	14	# SetOutputFilter CLAMAV
	15	# </Proxy>
	16	#
	17	# The status page can be enabled with the Location
	18	#
	19	# <Location /clamav>
	20	# SetHandler clamav
71357e66 JR	21	# Require all denied
71357e66 JR	22	# Require local
b466d7a4	23	# </Location>
	24	#
	25	# Please note that not restricting access to this location may reveal
	26	# sensitive information.
	27
	28
	29	###############################################################################
	30	# Reference
	31	###############################################################################
	32	#
	33	# All the available directives are described below
	34
	35	#
	36	# ClamavMode
	37	#
	38	# Syntax: ClamavMode local \| daemon
	39	# Default: ClamavMode local
	40	# Context: server config, virtual host, directory
	41	#
	42	# If the module is supposed to use the clamav library directly,
	43	# use local mode. In daemon mode, the module queries a remote clamd
	44	# (on the same machine, of course) for virus checking.
	45	# The connection to the daemon must be configured using the ClamavSocket
	46	# or ClamavPort directives
	47
	48	#
	49	# ClamavSocket
	50	#
	51	# Syntax: ClamavSocket unix-domain-socket
	52	# Default: none
	53	# Context: server config, virtual host, directory
	54	#
	55	# Specifies the path where the Clamav daemon clamd is listening. If this
	56	# directive is not set, the daemon mode of the module assumes
	57	# a TCP connection to the Clamav daemon.
	58
	59	#
	60	# ClamavPort
	61	#
	62	# Syntax: ClamavPort port
	63	# Default: none
	64	# Context: server config, virtual host, directory
	65	#
	66	# Specifies the port number on which the clamav daemon is listening.
	67	# Not that this directive only has any effect if ClamavSocket is not specified.
	68
	69	#
	70	# ClamavTmpdir
	71	#
	72	# Syntax: ClamavTmpdir tmp-dir
	73	# Default: ClamavTmpdir /tmp
	74	# Context: server config, virtual host, directory
	75	#
	76	# This directive defines the directory where temporary files should be stored
	77	# until the can be scanned for viruses.
	78
	79	#
	80	# ClamavDbdir
	81	#
	82	# Syntax: ClamavDbdir virus-pattern-dir
	83	# Default: same as that of your clamav installation
	84	# Context: server config, virtual host, directory
	85	#
	86	# This directive defines the directory from which virus patterns are loaded.
87
88	#
89	# ClamavReloadInterval
90	#
91	# Syntax: ClamavReloadInterval interval
92	# Default: 0
93	# Context: server config, virtual host, directory
94	#
95	# The pattern database is reloaded if the last request is more then interval
96	# seconds in the past. A value of 0 means that the pattern database is never
97	# reloaded, to update patterns, the server must be gracefully restarted.
98	# Reloading is only necessary in local mode, in daemon mode its the daemon's
99	# business to keep the pattern matching engine up-to-date.
100
101	#
102	# ClamavTrickleInterval
103	#
104	# Syntax: ClamavTrickleInterval interval
105	# Default: ClamavTrickleInterval 60
106	# Context: server config, virtual host, directory
107	#
108	# This directive sets the interval at which a block (normaly one byte, but
109	# configurable with the ClamavTrickleSize directive) of the incoming data
110	# is sent to the browser to keep it happy. If your browsers are tolerant of
111	# long delays, this value can be increased.
112	#
113	# Note that the trickle interval has a side effect that can affect your link
114	# load considerably: only when the trickle is sent to the client will the
115	# module be able to detect that the client has aborted the connection.
116	# A long trickle interval means that the server will continue downloading
117	# the file, although the client is no longer interested. This can fill up
118	# you link with downloads still going on no user is interested in.
119	#
120	# Browsers behave quite differently with respect to timeouts. For some
121	# browsers, a single byte is not good enough, so you will want to increase
122	# the trickle size to a larger value. Download speeds below 1 byte/sec seem
123	# to be a problem for browsers. Apple's Safari browser times out after
124	# 60 seconds (Mozilla seems to be more patient), so you will have do make
125	# the trickle interval smaller than 60. Note also that the trickle interval
126	# is a minimum value, if a packet arrives from the remote server after that
127	# interval, then a trickle block is sent to the browser client.
128	# If no packets arrive from the remote server, no trickle blocks are sent
129	# to client either.
130
131	#
132	# ClamavTrickleSize
133	#
134	# Syntax: ClamavTrickleSize size
135	# Default: ClamavTrickleSize 1
136	# Context: server config, virtual host, directory
137	#
138	# This directive sets the size of the block sent after each trickle interval.
139	# See the description of the ClamavTrickleInterval directive for details.
140
141	#
142	# ClamavMaxfiles
143	#
144	# Syntax: ClamavMaxfiles number-of-files
145	# Default: none
146	# Context: server config, virtual host, directory
147	#
148	# This directive sets the maxfiles limit variable in Clamav, please read the
149	# Clamav for the exact implications of this.
150
151	#
152	# ClamavMaxfilesize
153	#
154	# Syntax: ClamavMaxfilesize filesize
155	# Default: none
156	# Context: server config, virtual host, directory
157	#
158	# This directive sets the maxfilesize limit variable in Clamav, please
159	# read the Clamav documentation for the exact implications of this.
160
161	#
162	# ClamavRecursion
163	#
164	# Syntax: ClamavRecursion depth
165	# Default: none
166	# Context: server config, virtual host, directory
167	#
168	# This directive sets the recursion depth limit variable in Clamav, please
169	# read the Clamav for the exact implications of this.
170
171	#
172	# ClamavSafetypes
173	#
174	# Syntax: ClamavSafetypes safe-mime-type ...
175	# Default: none
176	# Context: server config, virtual host, directory
177	#
178	# Use this directive to specify a list of mime types that can safely be bypassed.
179
180	#
181	# ClamavSizelimit
182	#
183	# Syntax: ClamavSize size
184	# Default: ClamavSizelimit 0
185	# Context: server config, virtual host, directory
186	#
187	# This directive sets the size of the largest part of a file that will be
188	# checked. By default, its value is 0, meaning the a file is scanned in its
189	# entirety. For a positive value, a chunk of at least size bytes
190	# is downloaded and checked for viruses. If nothing is found, the rest of
191	# the file is downloaded without checking.
192
da9fa9f0	193	# vim: filetype=apache ts=4 sw=4 et