commit
This commit is contained in:
parent
31560f486a
commit
2e41b73306
GPG key ID:
D7E63AD0019E75D9
6 changed files with 141 additions and 2 deletions
64
module/aspect/clamav.nix
Normal file
64
module/aspect/clamav.nix
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
{
|
||||
den.aspects = {
|
||||
clamav = {
|
||||
nixos =
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [
|
||||
pkgs.clamav
|
||||
];
|
||||
services.clamav = {
|
||||
daemon = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# logging & performance
|
||||
LogFile = "/var/log/clamav/clamd.log";
|
||||
LogTime = true;
|
||||
LogVerbose = false;
|
||||
ExtendedDetectionInfo = true;
|
||||
PidFile = "/run/clamav/clamd.pid";
|
||||
TemporaryDirectory = "/tmp";
|
||||
LocalSocket = "/run/clamav/clamd.ctl";
|
||||
# scanning limits
|
||||
MaxScanSize = "100M";
|
||||
MaxFileSize = "100M";
|
||||
MaxRecursion = 16;
|
||||
MaxFiles = 10000;
|
||||
StreamMaxLength = "25M";
|
||||
# heuristics & security
|
||||
HeuristicAlerts = true;
|
||||
StructuredDataDetection = false;
|
||||
ScanPE = true;
|
||||
ScanELF = true;
|
||||
ScanOLE2 = true;
|
||||
ScanPDF = true;
|
||||
ScanHTML = true;
|
||||
ScanArchive = true;
|
||||
# anti phishing
|
||||
AlertPhishingSSLMismatch = true;
|
||||
AlertPhishingCloak = true;
|
||||
DetectPUA = true;
|
||||
# bytecode
|
||||
Bytecode = true;
|
||||
BytecodeSecurity = "Paranoid";
|
||||
BytecodeTimeout = 60000;
|
||||
# real-time protection
|
||||
# ScanOnAccess = true;
|
||||
# OnAccessPrevention = true;
|
||||
# OnAccessExtraScanning = true;
|
||||
# OnAccessExcludeUname = "clamav"; # prevent loop
|
||||
# OnAccessIncludePath = [
|
||||
# "/home"
|
||||
# "/tmp"
|
||||
# ];
|
||||
};
|
||||
};
|
||||
updater = {
|
||||
enable = true;
|
||||
interval = "daily";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue