clamonacc for Ubuntu 18.04
#/etc/clamav/clamd.conf
#Used with Virtualmin
#Tweak as needed
#
# Companion to /etc/systemd/system/clamonacc.service and /etc/clamav/detected.sh
# (both further down): clamd scans /home on access and runs detected.sh on
# every hit.
#
# clamd is reached over TCP only, bound to loopback. Anything that can reach
# this port can submit scan requests, so keep TCPAddr on 127.0.0.1.
TCPSocket 3333
TCPAddr 127.0.0.1
# clamd runs as root (the Debian/Ubuntu packages default to a dedicated
# unprivileged user); presumably so it can read every file under /home for
# on-access scanning. The VirusEvent script below therefore also runs as root.
User root
ScanMail true
ScanArchive true
# Encrypted archives are not flagged as detections; their contents cannot be
# inspected and pass through unscanned.
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
# Scan limits: anything exceeding these is skipped rather than failed, so a
# file above MaxFileSize/MaxScanSize is never inspected.
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 25M
# detected.sh tails this file into the alert mail.
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
# Files larger than this are not scanned on access at all (the scheduled /
# manual scans still cover them).
OnAccessMaxFileSize 5M
# NOTE(review): both a mount-point watch and an include path are configured
# for /home; check clamd.conf(5) for your version on how the two interact —
# one may be redundant.
OnAccessMountPath /home
OnAccessIncludePath /home
# NOTE(review): root's accesses are excluded from on-access scanning —
# presumably so clamonacc (run as root in the unit below) does not trigger on
# its own reads. It also means files written into /home by root-owned
# processes are not checked on access.
OnAccessExcludeUname root
# Access is denied until the scan completes, rather than notify-only.
OnAccessPrevention true
OnAccessExtraScanning false
# Runs on every detection with the match passed in the CLAM_VIRUSEVENT_*
# environment variables (see detected.sh below).
VirusEvent /etc/clamav/detected.sh
OnAccessExcludeRootUID yes
OnAccessRetryAttempts 3
# /etc/systemd/system/clamonacc.service
# Runs the ClamAV on-access client against the clamd configured above.
[Unit]
Description=ClamAV On Access Scanner
# clamonacc relays files to clamd, so it must not come up before it.
Requires=clamav-daemon.service
# syslog.target has long been obsolete in systemd; harmless, but can be dropped.
After=clamav-daemon.service syslog.target network.target
[Service]
Type=simple
# Runs as root — the UID that OnAccessExcludeUname/OnAccessExcludeRootUID in
# clamd.conf above excludes from on-access scanning.
User=root
# -F keeps clamonacc in the foreground for Type=simple. Detections are moved
# to /root/quarantine; nothing in this unit creates that directory, so verify
# it exists (and is root-only) before enabling the unit.
ExecStart=/usr/bin/clamonacc -F --log=/var/log/clamav/clamonacc --move=/root/quarantine
# After a crash /home has no on-access protection for two minutes before the
# restart kicks in.
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=multi-user.target
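#!/bin/bash
#/etc/clamav/detected.sh
#modify reply and to addresses
#
# Invoked by clamd through the VirusEvent directive in clamd.conf. clamd hands
# over the detection in the CLAM_VIRUSEVENT_VIRUSNAME and
# CLAM_VIRUSEVENT_FILENAME environment variables. The script mails an alert
# with the tail of the clamd log and records the hit in the journal
# (systemd-cat) or, when that is unavailable, in a plain log file.
#
# /bin is kept on PATH: Ubuntu 18.04 has no merged /usr, and date(1) lives in
# /bin there, so PATH=/usr/bin alone leaves the fallback logger without it.
PATH=/usr/bin:/bin
export HOME=/root   # mailx reads its configuration from $HOME

readonly clam_log=/var/log/clamav/clamav.log
readonly detections_log=/var/log/clamav/detections.log

# CLAM_VIRUSEVENT_FILENAME is whatever a user wrote into /home, so it is
# untrusted: it is only ever passed as a %s argument, never inside a printf
# format string. The same goes for the log tail, which echoes those names.
alert="Signature detected: ${CLAM_VIRUSEVENT_VIRUSNAME} in ${CLAM_VIRUSEVENT_FILENAME}"
logtail="$(tail -n 50 -- "$clam_log" | tac)"

# send email
printf 'Host: %s.\n%s\n\ntail -n 50 %s\n\n\n%s\n' \
  "$HOSTNAME" "$alert" "$clam_log" "$logtail" \
  | /usr/bin/mailx -s "VIRUS ALERT - $HOSTNAME" -r REPLY@YOURDOMAIN.COM "ALERTS@YOURDOMNAIN.COM"

# Send the alert to the systemd logger if it exists, otherwise to /var/log
if command -v systemd-cat >/dev/null 2>&1; then
  printf '%s\n' "$alert" | /usr/bin/systemd-cat -t clamav -p emerg
else
  printf '%s - %s\n' "$(date)" "$alert" >> "$detections_log"
fi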