clamav {
  # If set force this action if any virus is found (default unset: no action is forced)
  action = "reject";
  message = '${SCANNER}: virus found: "${VIRUS}"';
  # Scan mime_parts seperately - otherwise the complete mail will be transfered to AV Scanner
  scan_mime_parts = true;
  # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity)
  scan_text_mime = false;
  scan_image_mime = false;
  # If `max_size` is set, messages > n bytes in size are not scanned
  max_size = 20000000;
  # symbol to add (add it to metric if you want non-zero weight)
  symbol = "CLAM_VIRUS";
  # type of scanner: "clamav", "fprot", "sophos" or "savapi"
  type = "clamav";
  # For "savapi" you must also specify the following variable
  #product_id = 12345;
  # You can enable logging for clean messages
  # log_clean = true;
  # servers to query (if port is unspecified, scanner-specific default is used)
  # can be specified multiple times to pool servers
  # can be set to a path to a unix socket
  # Enable this in local.d/antivirus.conf
  # servers = "127.0.0.1:3310";
  servers = "@PREFIX@/var/run/clamav/clamd.socket";
  # if `patterns` is specified virus name will be matched against provided regexes and the related
  # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
  patterns {
    # symbol_name = "pattern";
    JUST_EICAR = '^Eicar-Test-Signature$';
  }
  patterns_fail {
    # symbol_name = "pattern";
    CLAM_PROTOCOL_ERROR = '^unhandled response';
    CLAM_LIMITS_EXCEEDED = '^Heuristics\.Limits\.Exceeded$';
  }
  # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
  whitelist = "@PREFIX@/etc/rspamd/antivirus.wl";
}