-
Notifications
You must be signed in to change notification settings - Fork 6
/
zavd.conf
281 lines (210 loc) · 8.61 KB
/
zavd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
###############################################################################
## ##
## Zoner AntiVirus configuration file ##
## ##
###############################################################################
###############################################################################
# CONFIGURATION NOTES
#
# 1: Any changes will only take effect after restarting ZAVd:
# /etc/init.d/zavd restart
# or run /opt/zav/bin/zavd -c /opt/zav/etc --restart
#
# 2: You can use units of time (h, m, s, hr, min, sec) and size (GB, MB, kB, B)
# for all appropriate fields: 1024 or 1024 B or 1 kB or 1kiB
# 300 or 300 s or 5 min, etc.
###############################################################################
# DAEMON SETUP
#
# This section configures general options of the ZAV daemon (ZAVd)
# and its modules.
# Any paths should not be shared with other ZAVd instances
# or any other applications due to possible access violations
# (except for PATH TMP).
# User and group to run ZAVd as. User is required, group is optional.
# We recommend you not to run ZAVd with root privileges.
# If you decide to change the user:group setting, please run the following:
# chown user:group PATH_LIB PATH_LIB/zavdupd.ver
# chown -R user:group PATH_RUN PATH_LOG
ZAVD_USER = "zavd"
ZAVD_GROUP = "zavd"
# You can define ZAVd process priority.
ZAVD_PRIORITY = 0
# Directory with ZAV configuration files.
PATH_ETC = "/etc/zav"
# Directory with ZAV libraries, has to be writable by ZAVD_USER.
PATH_LIB = "/opt/zav/lib"
# Directory with ZAV logfiles, has to be writable by ZAVD_USER.
PATH_LOG = "/var/log/zav"
# Directory with ZAV runtime files, has to be writable by ZAVD_USER.
PATH_RUN = "/var/run/zav"
# Directory for ZAV tempfiles, has to be writable by ZAVD_USER.
PATH_TMP = "/tmp"
###############################################################################
# SCANNING SETUP
#
# This section configures the file scanner
# Specifies the depth level of the scanning:
# (FASTEST, NORMAL, ADVANCED or BRUTE)
# The level determines limits of memory, recursions etc.
SCAN_LEVEL = NORMAL
# Do not terminate the scanning process if suspicious pattern is found.
# Continue in scanning until a particular virus is found.
SCAN_FULL = NO
# Enable heuristic analysis
SCAN_HEURISTICS = YES
# Enable PE EXE emulator to perform code analysis
SCAN_EMULATION = YES
# Enable archives decompression
SCAN_ARCHIVES = YES
# Enable runtime-packers decompression
SCAN_PACKERS = YES
# Enable usage of Generic Detection Language
SCAN_GDL = YES
# Enable phishing detection
SCAN_PHISHING = NO
# Enable deep scan (not only first few MB)
SCAN_DEEP = NO
# Set limit for maximal filesize for packed files, more will not be unpacked
# Comment out for no limit
SCAN_MAX_SIZE = 128 MB
# Set limit for maximal file count for packed files, more are not checked
# Comment out for no limit
SCAN_MAX_FILES = 128
# Set limit for maximal scan level inside nested archives
# Comment out for no limit
SCAN_RECURSION = 16
# Maximal amount of seconds allowed for scanning a single file
SCAN_TIMEOUT = 5 min
# Specifies how many scanning processes may run at a time
SCAN_INSTANCES = 3
# Specifies the memory limit for each scanning process (32 MB minimum)
SCAN_MEMORY = 128 MB
###############################################################################
# LOGGING SETUP
#
# This section configures ZAVd logging output.
# Send messages to a syslog daemon.
LOG_SYSLOG = YES
# Syslog facility (e.g. mail, daemon, local0, ..).
LOG_SYSLOG_FACILITY = daemon
# Save messages to a log file.
LOG_ZAVDLOG = YES
# Maximum size of ZAVd logfile in bytes.
LOG_MAX_SIZE = 128 MB
# Enable compression of ZAVd logging file when its size exceeds LOG_MAX_SIZE
LOG_ROTATE = NO
# What type of scan results you want to log on ZAVd's side.
LOG_SCANERROR = YES
LOG_CLEAN = NO
LOG_INFECTED = YES
LOG_PROBINFECTED = NO
LOG_SUSPICIOUS = NO
LOG_NONSTANDARD = NO
LOG_UNKNOWN = NO
LOG_TIMEOUT = NO
# Log the duration of scan and the size of the scanned file/memory.
LOG_STATS = NO
# Send messages to a tty.
#LOG_TTY = ""
###############################################################################
# UPDATING SETUP
#
# ZAVd can update the antivirus system automatically.
# You have to fill your license key in the UPDATE KEY correctly to be allowed
# to download the update files.
# Enable automatic updating of Zoner AntiVirus
UPDATE_ENABLE = YES
# Specifies the time between the update requests
UPDATE_INTERVAL = 30 min
# Update server to log on to
UPDATE_SERVER = "update.zonerantivirus.com"
# Your license key for accessing ZAV update
UPDATE_KEY = ""
# Log update progress and up-to-date messages
UPDATE_VERBOSE = NO
###############################################################################
# ZAV REPORTING SETUP
#
# ZAVd can send debugging information when a critical error (bug) occurs
# as well as suspicious files to be analyzed in order to inform ZAV laboratory
# about new virus epidemy. We recommend you to let these settings turned on.
# Enable error reporting
REPORT_ERRORS = YES
# Enable virus samples reporting
REPORT_SAMPLES = YES
# Enable LiveThreat reporting, note that LOG_INFECTED has to be set.
REPORT_STATS = YES
###############################################################################
# INOTIFY MODULE SETUP
#
# The ZAVNotify module provides on-access functionality for ZAVd.
# It is based on iNotify notification system in the kernel
#
# You must specify a separate file for watched directories and their specific
# configuration to keep the main file clean.
#
# BEWARE: iNotify userspace functions require glibc-2.4, when missing
# the module will be disabled.
# Enable iNotify module in ZAVd
ZAVNOTIFY_ENABLE = NO
# The queue size for files awaiting to be scanned
ZAVNOTIFY_QUEUE_SIZE = 4194304
# Directory to move infected files to (if action set to MOVE)
#ZAVNOTIFY_DIRECTORY = ""
# The configuration file for watched (and excluded) directories and their
# specific options
ZAVNOTIFY_CONFIG = "zavnotify.conf.sample"
###############################################################################
# LMTP MODULE SETUP
#
# The LMTP module provides mailserver functionality to ZAVd.
#
# You can include a configuration file for each domain (with separate process).
# Each domain can have a different configuration (including scan options).
# In each file you must setup the connection with an MTA (like postfix)
# and actions to be taken when a scan result is received.
# Enable LMTP module in ZAVd
ZAVLMTP_ENABLE = NO
# Domain configuration files
ZAVLMTP_DOMAIN = zavlmtp.conf.sample
###############################################################################
# ICAP MODULE SETUP
#
# The ICAP module provides proxyserver functionality to ZAVd.
#
# You can include a configuration file for each proxy domain.
# Each domain can have a different configuration (including scan options).
# In each file you must setup the connection with a proxyserver (like squid)
# and actions to be taken when a scan result is received.
# Enable ICAP module in ZAVd
ZAVICAP_ENABLE = NO
# Domain configuration files
ZAVICAP_DOMAIN = zavicap.conf.sample
###############################################################################
# LD_PRELOAD MODULE SETUP
#
# The ZAVLD module provides an alternative on-access functionality for ZAVd.
# It is based on hooking close() calls via LD_PRELOAD variable.
# See man zavld(7) for more information.
#
# You must specify a separate file to set which files should be scanned
# and which scan configuration to use.
# Enable LD_PRELOAD module in ZAVd
ZAVLD_ENABLE = NO
# For kernels older than 2.6.22 (you should consider upgrading anyway),
# /proc access is denied for setuid programs. This can overcome the problem.
# **WARNING** this option requires zavd to be started as root. All modules
# except this one will run as ZAVD_USER:ZAVD_GROUP, leaving zavd itself and
# this module running as root processes!
ZAVLD_PROC_WORKAROUND = NO
# Directory to move infected files to (if action set to MOVE)
#ZAVLD_DIRECTORY = ""
# How to react to locked files (by flock(), not fcntl(); see man zavd.conf(5)):
# BLOCK - treat the file as others, the client application can be blocked
# UNLOCK - unlock all files first, can change the client's behaviour
# SKIP - test files for locks and skip flock-ed files
ZAVLD_FLOCK = SKIP
# The configuration file for watched (and excluded) directories and their
# specific options
ZAVLD_CONFIG = "zavld.conf.sample"