<?xml version="1.0" encoding="UTF-8"?>

<!-- Only three options are mandatory:
      <clamd socket="" />
      <filesystem root="" />
      <filesystem mountpoint="" />

     All other can be removed, but this will disable related subsystem.
     For example removing <cache ... /> will disable caching completly. -->

<clamfs>
	<!-- Clamd socket -->
        <clamd socket="/var/run/clamav/clamd.ctl" />

	<!-- File system settings
	     root       - real directory to attach as our root
	     mountpoint - where to attach our root
	     public     - limit access to process owner only or make
	    		  file system publicly available for all users
	     nonempty	- allow mount to directory which contains
	    		  files or sub-directories -->
	<filesystem root="/tmp" mountpoint="/clamfs/tmp" public="yes" nonempty="yes" />

	<!-- Maximal file size (in bytes).
	     This option can speed up access to large files, as they will be
	     never scanned. On the other hand attacker can append long portion
	     of junk at the end of file to make it big enough to be omitted. -->
	<file maximal-size="2097152" /> <!-- 2MiB -->
	
	<!-- Whitelisted files are never scanned.
	     This can speed up access to some files, but be careful with this,
	     some data files like JPEG, RIFF or WMF can be prepared to cause
	     problems (like buffers overflows) in applications and thus execute
	     malicious code even not being executable itself. Finally even text
	     files can have "modeline" causing problems in some buggy editors. -->
	<whitelist>
	    <exclude extension="txt" /> <!-- text files -->
	    <exclude extension="dbx" /> <!-- form ClamWin -->
	    <exclude extension="tbb" /> <!-- form ClamWin -->
	    <exclude extension="pst" /> <!-- form ClamWin -->
	    <exclude extension="dat" /> <!-- form ClamWin -->
	    <exclude extension="log" /> <!-- form ClamWin -->
	    <exclude extension="nsf" /> <!-- form ClamWin -->
	    <exclude extension="ntf" /> <!-- form ClamWin -->
	</whitelist>

	<!-- Blacklisted files are scanned regardless of their sizes -->	
	<blacklist>
	    <include extension="exe" /> <!-- executable file -->
	    <include extension="com" /> <!-- executable file -->
	    <include extension="dll" /> <!-- library -->
	    <include extension="sys" /> <!-- system file / driver -->
	    <include extension="vbs" /> <!-- Visual Basic Script -->
	    <include extension="bat" /> <!-- DOS Batch file -->
	    <include extension="cmd" /> <!-- Windows Command file -->
	</blacklist>

	<!-- How many entries to keep in cache and for how long (in ms) -->
	<cache entries="16384" expire="10800000" /> <!-- 3h -->

	<!-- Logging method (stdout, syslog or file) -->
	<!-- <log method="stdout" verbose="yes" /> -->
	<log method="syslog" />
	<!-- <log method="file" filename="/var/log/clamfs.log" verbose="no" /> -->

	<!-- Send mail when virus is found -->
	<!-- <mail server="localhost" to="root@localhost" from="clamfs@localhost"
	     subject="ClamFS: Virus detected" /> -->
	<!-- subject="ClamFS: Virus detected on @@HOSTNAME@@" /> -->

	<!-- Debug settings -->
	<!-- <debug threads="no" fork="no" /> -->
</clamfs>
