#-----------------------------------------------------------------------------
#This file was automatically generated by pfSense
#
# To know to customize your configuration file, see squidclamav manpage
# or go to http://squidclamav.darold.net/
#
#-----------------------------------------------------------------------------

####
# Global configuration
####

# Maximum size of a file that may be scanned. Any file bigger that this value
# will not be scanned. If libarchive support is enable the value must be upper
# than banmaxsize otherwise this is the value of banmaxsize that will be taken.
maxsize 5M

# When a virus is found then redirect the user to this URL. If this directive
# is disabled squidclamav will use c-icap error templates to report issues.
redirect https://172.25.50.30/squid_clwarn.php

# Path to the clamd socket, use clamd_local if you use Unix socket or if clamd
# is listening on an Inet socket, comment clamd_local and set the clamd_ip and
# clamd_port to the corresponding value.
clamd_local /var/run/clamav/clamd.sock
#clamd_ip 192.168.1.5,127.0.0.1
#clamd_port 3310

# Set the timeout for clamd connection. Default is 1 second, this is a good
# value but if you have slow service you can increase up to 3.
timeout 1

# Force SquidClamav to log all virus detection or squiguard block redirection
# to the c-icap log file.
logredir 0

# Enable / disable DNS lookup of client ip address. Default is enabled '1' to
# preserve backward compatibility but you must desactivate this feature if you
# don't use trustclient with hostname in the regexp or if you don't have a DNS
# on your network. Disabling it will also speed up squidclamav.
dnslookup 0

# Enable / Disable Clamav Safe Browsing feature. You mus have enabled the
# corresponding behavior in clamd by enabling SafeBrowsing into freshclam.conf
# Enabling it will first make a safe browsing request to clamd and then the
# virus scan request. 
safebrowsing 0

# Send the Content-Type header to Clamav for multipart content types
# so multipart bodies can be broken up by their boundary and each part
# can be scanned.
multipart 0

# SquidClamav can be run in two mode. The first and default one is the
# "ScanAllExcept" mode that will scan everything by default and can be
# controlled by the abort, abortcontent, whitelist, trustuser and
# trustclient directives. The second mode is "ScanNothingExcept" that
# will scan nothing but the content controlled by the scan, scancontent,
# blacklist, untrustuser and untrustclient directives.
scan_mode ScanAllExcept


####
# Directives abort, abortcontent and whitelist are used in "ScanAllExcept" mode
####

# Do not scan images
#abort ^.*\.(ico|gif|png|jpg)$
#abortcontent ^image\/.*$

# Do not scan text files
#abort ^.*\.(css|xml|xsl|js|html|jsp)$
#abortcontent ^text\/.*$
#abortcontent ^application\/x-javascript$

# Do not scan streamed videos
#abortcontent ^video\/x-flv$
#abortcontent ^video\/mp4$

# Do not scan flash files
#abort ^.*\.swf$
#abortcontent ^application\/x-shockwave-flash$

# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
#abortcontent ^.*application\/x-mms-framed.*$

# White list some sites
#whitelist .*\.clamav.net


####
# Directives scan, scancontent and blacklist are used in "ScanNothingExcept" mode
####

# Only scan MS Document files
# scan ^.*\.(doc|docx|pdf|xls)$

# Only scan content-type: application/.*
#scancontent ^application\/.*$

# Only scan content from a site
#blacklist .*\.getyourvirus\.org

####
# See also 'trustuser' and 'trustclient' configuration directives in mode
# ScanAllExcept and 'untrustuser' and 'untrustclient' in "ScanNothingExœcept"
# mode. See documentation for more details.
####

####
# Use libarchive to ban archive with some suspect file inside.
###

# Enable use of libarchive. It is disabled by default, clamd will scan all
# file in the archives. Enabling this directive allow squidclamav to uncompress
# archives and filter according to user-defined rules before passing them to
# clamav. See directives bellow for more details.
enable_libarchive 0

# Block matching archive entries (supported by libarchive).
# eg. zip files containing threats such as ransomeware that are not yet
# detected by clamav or other antivirus software (typically 5KB zip files
# containing a cab file or a vbe script).
#ban_archive_entry ^.*\.(ade|adp|app|asd|asf|asx|bas|bat|cab|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh)$

# Maximum number of entries in an archive in order to block it if there's at least one match.
# Archives with more than ban_max_entries will not be blocked even if there are matches.
# A value of 0 (or commented) will ignore the number of entries in an archive.
# Suggested value: 1
#ban_max_entries 1

# Maximum number of matched entries in an archive in order to block it.
# Archives with more than ban_max_matched_entries matches will not be blocked.
# A value of 0 (or commented) will ban an archive when there's at least one entry match.
# Suggested value: 1
#ban_max_matched_entries 1

# Maximum size of an archive that may be opened. Any file bigger that this value
# will not be scanned.
# Suggested value: 2M
banmaxsize 2M

# Path where banned archives are stored (libarchive).
# hard-coded file format: banned_USERNAME_CLIENTIP_UNIXTIME_RAND(99).FILEEXTENSION
# USERNAME and CLIENTIP are available when enabling icap_send_client_ip and
# icap_send_client_username in squid.conf.
# Check clwarn.cgi example to see how you can retrieve the file name and serve it via http.
#recoverpath /opt/squidclamav_recover

# Enable if virus files should also be copied to recoverpath (libarchive).
# hard-coded file format: virus_USERNAME_CLIENTIP_UNIXTIME_RAND(99).FILEEXTENSION
# Otherwise only archives containing ban_archive_entry matches will be copied.
#recovervirus 1