The clamav module is an open source antivirus engine that is part of the default Momentum installation.
The following is an example configuration:
clamav {}
antivirus "antivirus1" {
clamav "clamav1" {
daemon = "127.0.0.1:3310"
timeout = "20"
action = "pass"
paranoid = false
context_variable = "virus"
skip_context_variable = "skip_virus_check"
file_base = "/var/tmp"
}
}
Note
In order to use this module, you must install ClamAV on your server and update it as needed or desired. Configure this module in the global scope and also within the antivirus scope as shown in “clamav Configuration”.
The clamav module is a singleton in the global scope but a non-singleton within the antivirus scope. In the global scope this module only supports the enabled
and debug_level
options.
For more information about Clam AV, see the ClamAV web page.
This module uses the configuration options common to all antivirus modules, plus the following plus the following clamav-specific options:
- daemon
-
The ClamAV engine connects to its external daemon over TCP/IP. This means the daemon may optionally be run on another machine. It runs in the IO pool by default.
For a list of the configuration options that this module shares with other antivirus modules, see “Configuration”. For the clamav module, the context_variable
option defaults to clamav_status
.
This module supports the msys.av.scan and the msys.av.scan_part Lua functions.
These functions return four values:
-
The scan status , which is one of the following values:
-
msys.av.EC_AV_PART_IS_CONTAINER – A container was passed to msys.av.scan.
-
msys.av.EC_AV_NAME_TOO_LONG –
av_engine_name
is longer than 40 characters. -
msys.av.EC_AV_NO_ENGINE – No AV engine is configured.
-
msys.av.EC_AV_NOT_SUITABLE_FOR_STREAMING – AV engine cannot scan the message that was passed in as a stream.
-
msys.av.EC_AV_ERROR – A runtime error occurred. This status is returned if the engine scan code is either
OK
orEmpty file
, and the error text is returned in the informational string . -
msys.av.EC_AV_CLEAN – The scan code is either
OK
orEmpty file
, and there is no runtime error.This includes cases where a runtime error in the AV engine occurs.
-
msys.av.EC_AV_INFECTED – Message is classified as infected if the scan code is not
OK
orEmpty file
. -
msys.av.EC_AV_UNSCANNABLE – Message could not be scanned.
-
-
An informational string , which typically contains the virus name; the precise contents of this string depend on the engine.
-
The name of the AV engine that detected the virus or
nil
if no virus was detected. -
The engine scan code or
nil
if no engine scan code is available. If the scan result is msys.av.EC_AV_CLEAN, this code will be eitherOK
orEmpty file
.
For additional details about these functions, see msys.av.scan and msys.av.scan_part.