Document clamd --config-file vs clamdscan --config-file

[bbodenmiller]

Based on the docs it is not clear why both clamd and clamdscan have a --config-file option since clamdscan uses previously started clamd under the hood.

[aarowman]

This has also confused me and I'm scared not to always put the same config on both, in case they don't both pick it up

[val-ms]

clamdscan does not start clamd for you automatically. Depending on your configuration, clamd may be started at boot by a service manager / init script, but it isn't started by clamdscan.
The primarily reason for clamdscan's --config-file option, is that clamdscan needs to read the socket option (TCPSocket or LocalSocket) so that it knows how to to talk to clamd. But there is a default config file path set up during the build. As long as you're using the default config file path, you never have to specify --config-file and both programs will find it on their own.

[val-ms]

If you run clamconf it will print out your configs. At the top, it also prints out the path where it searches for the config.

E.g. I installed clamav 0.105.0-rc to $HOME/clams/0.105.0-rc2, so when I run that clamconf`, I see:

❯ ~/clams/0.105.0-rc2/bin/clamconf
Checking configuration files in /home/micasnyd/clams/0.105.0-rc2/etc
...

[aarowman]

@micahsnyder Does clamdscan only use a subset of the config? Meaning it ignores a lot of the config settings because clamd will be applying it? Is that documented anywhere so we can know which config options are important for which part?

[val-ms]

@aarowman sorry about the delay -- I didn't see the notification for your question. Yes, clamdscan and clamonacc all use clamd.conf for some some information to include the clamd socket information. clamonacc has quite a few more configuration options in there, and they're all pretty recognizable by name. clamav-milter has it's own config file. I don't believe it uses clamd.conf at all, not even for the socket information.

In terms of what clamdscan used from clamd.conf. No it's not documented anywhere. But from what I can tell, in addition to the socket information (LocalSocket, TCPSocket, and TCPAddr), it uses:

• MaxDirectoryRecursion
• StreamMaxLength
• FollowDirectorySymlinks
• FollowFileSymlinks
• ExcludePath

[aarowman]

Sounds like a good thing that should be documented (the reason behind this issue)

On Thu, Jul 21, 2022, 4:37 PM Micah Snyder @.***> wrote:

@aarowman https://github.com/aarowman sorry about the delay -- I didn't see the notification for your question. Yes, clamdscan and clamonacc all use clamd.conf for some some information to include the clamd socket information. clamonacc has quite a few more configuration options in there, and they're all pretty recognizable by name. clamav-milter has it's own config file. I don't believe it uses clamd.conf at all, not even for the socket information.

In terms of what clamdscan used from clamd.conf. No it's not documented anywhere. But from what I can tell, in addition to the socket information ( LocalSocket, TCPSocket, and TCPAddr), it uses:

• MaxDirectoryRecursion
• StreamMaxLength
• FollowDirectorySymlinks
• FollowFileSymlinks
• ExcludePath

— Reply to this email directly, view it on GitHub https://github.com/Cisco-Talos/clamav/issues/632#issuecomment-1191959399, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANF5BILFQTR6EEMB5R2MCPDVVG7IVANCNFSM53J4ZIDA . You are receiving this because you were mentioned.Message ID: @.***>

[val-ms]

@aarowman do you have an idea for where it may fit nicely in our documentation? https://docs.clamav.net/

Pull requests are welcome in our documentation markdown repository https://github.com/Cisco-Talos/clamav-documentation