<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta name="generator" content="pandoc" /> <title></title> <style type="text/css">code{white-space: pre;}</style> <style type="text/css"> div.sourceCode { overflow-x: auto; } table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode { margin: 0; padding: 0; vertical-align: baseline; border: none; } table.sourceCode { width: 100%; line-height: 100%; } td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; } td.sourceCode { padding-left: 5px; } code > span.kw { color: #007020; font-weight: bold; } /* Keyword */ code > span.dt { color: #902000; } /* DataType */ code > span.dv { color: #40a070; } /* DecVal */ code > span.bn { color: #40a070; } /* BaseN */ code > span.fl { color: #40a070; } /* Float */ code > span.ch { color: #4070a0; } /* Char */ code > span.st { color: #4070a0; } /* String */ code > span.co { color: #60a0b0; font-style: italic; } /* Comment */ code > span.ot { color: #007020; } /* Other */ code > span.al { color: #ff0000; font-weight: bold; } /* Alert */ code > span.fu { color: #06287e; } /* Function */ code > span.er { color: #ff0000; font-weight: bold; } /* Error */ code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */ code > span.cn { color: #880000; } /* Constant */ code > span.sc { color: #4070a0; } /* SpecialChar */ code > span.vs { color: #4070a0; } /* VerbatimString */ code > span.ss { color: #bb6688; } /* SpecialString */ code > span.im { } /* Import */ code > span.va { color: #19177c; } /* Variable */ code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */ code > span.op { color: #666666; } /* Operator */ code > span.bu { } /* BuiltIn */ code > span.ex { } /* Extension */ code > span.pp { color: #bc7a00; } /* Preprocessor */ code > span.at { color: #7d9029; } /* Attribute */ code > span.do { color: #ba2121; font-style: italic; } /* Documentation */ code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */ code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */ code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */ </style> <link rel="stylesheet" href="/en/github.css" type="text/css" /> </head> <body> <h1 id="dynamic-configuration-dconf">Dynamic Configuration (DCONF)</h1> <p>ClamAV supports a limited set of configuration options that may be enabled or disabled via settings in the <code>*.cfg</code> database. At this time, these settings are distributed in <code>daily.cfg</code>.</p> <p>The goal of DCONF is to enable the ClamAV team to rapidly disable new or experimental features for specific ClamAV versions if a significant defect is discovered after release.</p> <p>This database is small, and the settings are largely vestigial. The team has not had a need to disable many features in a long time, and so the ClamAV versions in the settings at this time should no longer be in use.</p> <p>The strings and values referenced in <code>daily.cfg</code> are best cross-referenced with the macros and structures defined here:</p> <ul> <li><a href="https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/libclamav/dconf.h#L49" class="uri">https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/libclamav/dconf.h#L49</a></li> <li><a href="https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/libclamav/dconf.c#L54" class="uri">https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/libclamav/dconf.c#L54</a></li> </ul> <p>The format for a DCONF signature is:</p> <pre><code>Category:Flags:StartFlevel:EndFlevel</code></pre> <p><code>Category</code> may be one of:</p> <ul> <li>PE</li> <li>ELF</li> <li>MACHO</li> <li>ARCHIVE</li> <li>DOCUMENT</li> <li>MAIL</li> <li>OTHER</li> <li>PHISHING</li> <li>BYTECODE</li> <li>STATS</li> <li>PCRE</li> </ul> <p><code>Flags</code>:</p> <p>Every feature that may be configured via DCONF is listed in <code>struct dconf_module modules</code> in <code>libclamav/dconf.c</code>. Any given feature may be default-on or default-off. Default-on features have the 4th field set to a <code>1</code> and default off are set to <code>0</code>. The <code>Flags</code> field for a given <code>Category</code> overrides the defaults for all of the options listed under that category.</p> <p>A settings of <code>0x0</code>, for example, means that all options the category be disabled.</p> <p>The macros listed in <code>libclamav/dconf.h</code> will help you identify which bits to set to get the desired results.</p> <p><code>StartFlevel</code>:</p> <p>This is the <a href="FunctionalityLevels.html">FLEVEL</a> of the minimum ClamAV engine for which you want the settings to be in effect.</p> <p><code>EndFlevel</code>:</p> <p>This is the <a href="FunctionalityLevels.html">FLEVEL</a> of the maximum ClamAV engine for which you want the settings to be in effect. You may wish to select <code>255</code> to override the defaults of future releases.</p> <h2 id="example">Example</h2> <p>Consider the <code>OTHER_CONF_PDFNAMEOBJ</code> option in the <code>category</code> <code>OTHER</code>.</p> <div class="sourceCode"><pre class="sourceCode c"><code class="sourceCode c"><span class="pp">#define OTHER_CONF_UUENC 0x1 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_SCRENC 0x2 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_RIFF 0x4 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_JPEG 0x8 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_CRYPTFF 0x10 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_DLP 0x20 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_MYDOOMLOG 0x40 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_PREFILTERING 0x80 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_PDFNAMEOBJ 0x100 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_PRTNINTXN 0x200 </span><span class="co">// Default: 1</span> <span class="pp">#define OTHER_CONF_LZW 0x400 </span><span class="co">// Default: 1</span></code></pre></div> <p>All of the <code>OTHER</code> options, including <code>OTHER_CONF_PDFNAMEOBJ</code> are default-on. To disable the option for ClamAV v0.100.X but leave the other options in their default settings, we would need to set the flags to:</p> <pre class="binary"><code>0110 1111 1111 ^pdfnameobj off</code></pre> <p>Or in hex: <code>0x6FF</code></p> <p>The example setting to place in <code>daily.cfg</code> then woudl be:</p> <pre><code>OTHER:0x6FF:90:99</code></pre> </body> </html>