clamav { # If set force this action if any virus is found (default unset: no action is forced) action = "reject"; message = '${SCANNER}: virus found: "${VIRUS}"'; # Scan mime_parts seperately - otherwise the complete mail will be transfered to AV Scanner scan_mime_parts = true; # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity) scan_text_mime = false; scan_image_mime = false; # If `max_size` is set, messages > n bytes in size are not scanned max_size = 20000000; # symbol to add (add it to metric if you want non-zero weight) symbol = "CLAM_VIRUS"; # type of scanner: "clamav", "fprot", "sophos" or "savapi" type = "clamav"; # For "savapi" you must also specify the following variable #product_id = 12345; # You can enable logging for clean messages # log_clean = true; # servers to query (if port is unspecified, scanner-specific default is used) # can be specified multiple times to pool servers # can be set to a path to a unix socket # Enable this in local.d/antivirus.conf # servers = "127.0.0.1:3310"; servers = "@PREFIX@/var/run/clamav/clamd.socket"; # if `patterns` is specified virus name will be matched against provided regexes and the related # symbol will be yielded if a match is found. If no match is found, default symbol is yielded. patterns { # symbol_name = "pattern"; JUST_EICAR = '^Eicar-Test-Signature$'; } patterns_fail { # symbol_name = "pattern"; CLAM_PROTOCOL_ERROR = '^unhandled response'; CLAM_LIMITS_EXCEEDED = '^Heuristics\.Limits\.Exceeded$'; } # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned. whitelist = "@PREFIX@/etc/rspamd/antivirus.wl"; }