64 lines
1.8 KiB
Nix
64 lines
1.8 KiB
Nix
|
{
|
||
|
|
den.aspects = {
|
||
|
|
clamav = {
|
||
|
|
nixos =
|
||
|
|
{ pkgs, ... }:
|
||
|
|
{
|
||
|
|
environment.systemPackages = [
|
||
|
|
pkgs.clamav
|
||
|
|
];
|
||
|
|
services.clamav = {
|
||
|
|
daemon = {
|
||
|
|
enable = true;
|
||
|
|
settings = {
|
||
|
|
# logging & performance
|
||
|
|
LogFile = "/var/log/clamav/clamd.log";
|
||
|
|
LogTime = true;
|
||
|
|
LogVerbose = false;
|
||
|
|
ExtendedDetectionInfo = true;
|
||
|
|
PidFile = "/run/clamav/clamd.pid";
|
||
|
|
TemporaryDirectory = "/tmp";
|
||
|
|
LocalSocket = "/run/clamav/clamd.ctl";
|
||
|
|
# scanning limits
|
||
|
|
MaxScanSize = "100M";
|
||
|
|
MaxFileSize = "100M";
|
||
|
|
MaxRecursion = 16;
|
||
|
|
MaxFiles = 10000;
|
||
|
|
StreamMaxLength = "25M";
|
||
|
|
# heuristics & security
|
||
|
|
HeuristicAlerts = true;
|
||
|
|
StructuredDataDetection = false;
|
||
|
|
ScanPE = true;
|
||
|
|
ScanELF = true;
|
||
|
|
ScanOLE2 = true;
|
||
|
|
ScanPDF = true;
|
||
|
|
ScanHTML = true;
|
||
|
|
ScanArchive = true;
|
||
|
|
# anti phishing
|
||
|
|
AlertPhishingSSLMismatch = true;
|
||
|
|
AlertPhishingCloak = true;
|
||
|
|
DetectPUA = true;
|
||
|
|
# bytecode
|
||
|
|
Bytecode = true;
|
||
|
|
BytecodeSecurity = "Paranoid";
|
||
|
|
BytecodeTimeout = 60000;
|
||
|
|
# real-time protection
|
||
|
|
# ScanOnAccess = true;
|
||
|
|
# OnAccessPrevention = true;
|
||
|
|
# OnAccessExtraScanning = true;
|
||
|
|
# OnAccessExcludeUname = "clamav"; # prevent loop
|
||
|
|
# OnAccessIncludePath = [
|
||
|
|
# "/home"
|
||
|
|
# "/tmp"
|
||
|
|
# ];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
updater = {
|
||
|
|
enable = true;
|
||
|
|
interval = "daily";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|