LogLevel
{logging level}
|
Logging level of the component.
If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.
Default value: Notice
|
Log
{log type}
|
Logging method of the component.
Default value: Auto
|
ExePath
{path to file}
|
Executable path to the component.
Default value: <opt_dir>/bin/drweb-clamd.
•For GNU/Linux: /opt/drweb.com/bin/drweb-clamd. •For FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-clamd |
Start
{Boolean}
|
The component must be launched by the Dr.Web ConfigD configuration daemon.
When you specify the Yes value for this parameter, it instructs the configuration daemon to start the component immediately; and when you specify the No value, it instructs the configuration daemon to terminate the component immediately.
Default value: No
|
Endpoint.<tag>.ClamdSocket
{IP address | UNIX socket}
|
Create a new connection point naming it <tag> and allocates a socket (IPv4 address or address of a UNIX socket) for clients that need to scan files for threats.
Only one socket can be specified for one <tag> point.
Default value: not set
|
[Endpoint.<tag>.]DetectSuspicious
{Boolean}
|
Inform about suspicious files detected by the heuristic analyzer.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: Yes
|
[Endpoint.<tag>.]DetectAdware
{Boolean}
|
Inform about files containing adware.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: Yes
|
[Endpoint.<tag>.]DetectDialers
{Boolean}
|
Inform about files containing dialers.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: Yes
|
[Endpoint.<tag>.]DetectJokes
{Boolean}
|
Inform about files containing jokes.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: No
|
[Endpoint.<tag>.]DetectRiskware
{Boolean}
|
Inform about files containing riskware.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: No
|
[Endpoint.<tag>.]DetectHacktools
{Boolean}
|
Inform about files containing hacktools.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: No
|
[Endpoint.<tag>.]ReadTimeout
{time interval}
|
Maximum time-out to wait for data from a client.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: 5s
|
[Endpoint.<tag>.]StreamMaxLength
{size}
|
Maximum size of data that can be received from a client (for transmitting data to scan as a stream of bytes).
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: 25mb
|
[Endpoint.<tag>.]ScanTimeout
{time interval}
|
Maximum time to scan one file (or one portion of data) received from a client.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Acceptable values: from 1 second (1s) to 1 hour (1h).
Default value: 3m
|
[Endpoint.<tag>.]HeuristicAnalysis
{On | Off}
|
Enable heuristic analysis for scanning.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
Default value: On
|
[Endpoint.<tag>.]PackerMaxLevel
{integer}
|
Maximum nesting level for packed objects. A packed object is executable code compressed with special software (UPX, PELock, PECompact, Petite, ASPack, Morphine, etc.). Such objects may include other packed objects which may also include packed objects, etc. The maximum nesting level is the limit beyond which packed objects inside other packed objects are not scanned.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
The value of this parameter can be any integer number greater than 0. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[Endpoint.<tag>.]ArchiveMaxLevel
{integer}
|
Maximum nesting level for archives (zip, rar, etc.) that can be scanned. Archives may include archives in which other archives may also be enclosed and so on. The maximum nesting level is the limit beyond which archives inside archives are not scanned.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
The value of this parameter can be any integer number greater than 0. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[Endpoint.<tag>.]MailMaxLevel
{integer}
|
Maximum nesting level for files of mailers (pst, tbb and so on) in which other files may be enclosed (and these files may also include other files and so on). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
The value of this parameter can be any integer number greater than 0. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[Endpoint.<tag>.]ContainerMaxLevel
{integer}
|
Maximum nesting level for other types of objects containing other objects (for instance, for HTML pages or jar files). The maximum nesting level is the limit beyond which objects inside objects are not scanned.
If the Endpoint.<tag> prefix is specified, it means that the parameter value is set only for the <tag> connection point; otherwise, it is set for all points which do not have another value of this parameter specified for them.
The value of this parameter can be any integer number greater than 0. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[Endpoint.<tag>.]MaxCompressionRatio
{integer}
|
Maximum allowed compression ratio of compressed/packed objects (ratio between the uncompressed size and the compressed size). If the ratio of an object exceeds the limit, this object will be skipped during the scanning.
The compression ratio must not be smaller than 2.
Default value: 500
|