I brought this up a couple of months ago, and I'm going to state my case again.
The clamd.conf file has several built in 'behaviors' and structures that i consider bizarre, and - at least by the measure of the great majority of configuration files that i deal with on a day to day basis - non-standard and thus confusing.
Most notably, DisableDefaultScanOptions. No other configuration file I deal with regularly has this peculiar construct. i quote the conf file verbatim:
# By default clamd uses scan options recommended by libclamav. This option # disables recommended options and allows you to enable selected ones below. # DO NOT TOUCH IT unless you know what you are doing. # Default: disabled #DisableDefaultScanOptions
okay. so. DisableDefaultScanOptions is by default disabled. meaning the default scan options are enabled. that's sufficiently non-intuitive for me! secondly, and more problematic, is the statement "selected ones below". There is no demarcation in the file for the end of the scan options that are controlled by DisableDefaultScanOptions. it would reasonably *appear* that the end of the scan options is at
#ArchiveBlockMax, after which are Clamuko settings. but again - there's no explicit demarcation that suggests that that's the end of the options covered by DisableDefaultScanOptions.
Further: if DisableDefaultScanOptions is by default disabled, meaning default scan options are enabled, then does that mean that the scan options listed under DisableDefaultScanOptions are in the *opposite* state of what they are listed as? example:
# ClamAV can scan within archives and compressed files. # Default: enabled #ScanArchive
# Due to license issues libclamav does not support RAR 3.0 archives (only the # old 2.0 format is supported). Because some users report stability problems # with unrarlib it's disabled by default and you must uncomment the directive # below to enable RAR 2.0 support. # Default: disabled #ScanRAR
if DisableDefaultScanOptions is *enabled*, then does this mean that ScanArchive becomes disabled, regardless of being commented out, and ScanRAR becomes enabled, regardless of being commented out?
or does it mean that ScanArchive and ScanRAR are both by default disabled, because both are commented out?
suffice to say, it's not intuitive. the conf file needs an overhaul. in addition to option arguments of "STRING", "SIZE", and "NUMBER", there need to be dedicated "ON" and "OFF" options for those options that can be in an enabled or disabled state. get rid of DisableDefaultScanOptions. instead, structure the important scanning options like this:
# ClamAV can scan within archives and compressed files. # Default: On ScanArchive ON
# Due to license issues libclamav does not support RAR 3.0 archives (only the # old 2.0 format is supported). Because some users report stability problems # with unrarlib it's disabled by default and you must uncomment the directive # below to enable RAR 2.0 support. # Default: Off ScanRAR OFF
or if you prefer, use "YES" and "NO":
# ClamAV can scan within archives and compressed files. # Default: enabled ScanArchive YES
# Due to license issues libclamav does not support RAR 3.0 archives (only the # old 2.0 format is supported). Because some users report stability problems # with unrarlib it's disabled by default and you must uncomment the directive # below to enable RAR 2.0 support. # Default: disabled ScanRAR NO
rather than having commented/uncommented indicating enabled/disabled. There's just no need for DisableDefaultScanOptions. you can indicate the importance of not changing these important options really simply, without the DisableDefaultScanOptions construct: just add the line "DON'T CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING" to the comments above those particular options. easy.
i know i've belabored the subject. but again, i think this is reasonably important, if only for making default behaviors clearer to the end user. and no, i'm not a newbie, believe it or not - i have a decade of professional experience as a unix sysadmin - that's in fact my impetus here, to get the clamd.conf to conform in structure to the majority of the other config files i use - sshd_config, clockspeed.conf, imapproxy.conf, etc etc etc.
i submit this in the spirit of making clamav better. i'm not angry/upset about this, i'd just like to see it improved.
Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
