Support for the urlhaus signatures.
parent
6bc0bc5b28
commit
219686f57a
|
@ -6,6 +6,8 @@ clamav_install: True
|
|||
clamav_milter_install: False
|
||||
clamav_clamd_spamassassin_service: False
|
||||
clamav_unofficial_sigs_install: '{{ clamav_install }}'
|
||||
# See https://urlhaus.abuse.ch/api/#clamav
|
||||
clamav_urlhaus_signatures_install: '{{ clamav_install }}'
|
||||
|
||||
clamav_rh_pkgs:
|
||||
- clamd
|
||||
|
@ -22,14 +24,10 @@ clamav_unofficial_sigs_rh_pkgs:
|
|||
- clamav-unofficial-sigs
|
||||
- perl
|
||||
|
||||
clamav_signatures_db_dir: '/var/lib/clamav'
|
||||
clamav_signatures_dbs_to_wipe: []
|
||||
# - 'scamnailer.ndb'
|
||||
clamav_signatures_whitelist_file: 'local_whitelist.ign2'
|
||||
clamav_signatures_whitelist: []
|
||||
clamav_clamd_user: clamscan
|
||||
clamav_clamd_conf_dir: '/etc/clamd.d'
|
||||
clamav_clamd_conf_file: '{{ clamav_clamd_conf_dir }}/scan.conf'
|
||||
|
||||
# Main service (clamd@scan)
|
||||
clamav_clamd_verbose_logging: 'yes'
|
||||
|
|
|
@ -78,7 +78,58 @@
|
|||
when: clamav_unofficial_sigs_install | bool
|
||||
tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_unofficial_sigs' ]
|
||||
|
||||
- name: Configure clamav milter
|
||||
- name: Manage the clamav urlhaus signatures
|
||||
block:
|
||||
- name: Install the procmail package on RH based systems
|
||||
yum: pkg=procmail state=present
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
- name: Install the clamav urlhaus script
|
||||
template: src=urlhaus-signatures.j2 dest=/usr/local/bin/clamav-urlhaus-signatures owner=root group=root mode='0755'
|
||||
|
||||
- name: Install a cron job that downloads the urlhaus signatures
|
||||
cron:
|
||||
cron_file: clamav-urlhaus
|
||||
minute: '*'
|
||||
hour: '*'
|
||||
day: '*'
|
||||
weekday: '*'
|
||||
month: '*'
|
||||
disabled: no
|
||||
job: "/usr/local/bin/clamav-urlhaus-signatures >/dev/null 2>& 1"
|
||||
user: "{{ clamav_clamd_user }}"
|
||||
name: 'manage-urlhaus-signatures'
|
||||
state: present
|
||||
|
||||
when: clamav_urlhaus_signatures_install
|
||||
tags: [ 'clamav', 'clamav_urlhaus' ]
|
||||
|
||||
- name: Manage the clamav urlhaus signatures
|
||||
block:
|
||||
- name: Install the clamav urlhaus script
|
||||
file: dest=/usr/local/bin/clamav-urlhaus-signatures state=absent
|
||||
|
||||
- name: Install the clamav urlhaus script
|
||||
file: dest={{ clamav_signatures_db_dir }}/urlhaus.ndb state=absent
|
||||
|
||||
- name: Remove the cron job that downloads the urlhaus signatures
|
||||
cron:
|
||||
cron_file: clamav-urlhaus
|
||||
minute: '*'
|
||||
hour: '*'
|
||||
day: '*'
|
||||
weekday: '*'
|
||||
month: '*'
|
||||
disabled: no
|
||||
job: "/usr/local/bin/clamav-urlhaus-signatures >/dev/null 2>& 1"
|
||||
user: "{{ clamav_clamd_user }}"
|
||||
name: 'manage-urlhaus-signatures'
|
||||
state: absent
|
||||
|
||||
when: not clamav_urlhaus_signatures_install
|
||||
tags: [ 'clamav', 'clamav_urlhaus' ]
|
||||
|
||||
- name: Configure the clamav milter
|
||||
block:
|
||||
- name: Install the clamav milter configuration
|
||||
template: src=clamav-milter.conf.j2 dest=/etc/mail/clamav-milter.conf owner=root group=root mode=0444
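Review bot: Both new blocks test `when: clamav_urlhaus_signatures_install` and `when: not clamav_urlhaus_signatures_install` without the `| bool` filter that the unofficial-sigs task at the top of the hunk uses, although the default is the templated string `'{{ clamav_install }}'`; a string such as `'false'` supplied from inventory or `-e` may then be treated as truthy, so I would write `when: clamav_urlhaus_signatures_install | bool` and `when: not (clamav_urlhaus_signatures_install | bool)`. The cron entry sets every time field to `'*'`, so each host downloads the database once a minute; check that interval against what URLhaus asks of its clients and set `minute:` accordingly. In the removal block the two `file: ... state=absent` tasks are still named `Install the clamav urlhaus script`; `Remove the clamav urlhaus script` and `Remove the urlhaus signature database` would describe what they do. The milter block at the end of the hunk continues outside it.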
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# This script updates Clamav definitions with data from URLhaus (https://urlhaus.abuse.ch/api/#clamav)
|
||||
#
|
||||
# The original script lives at https://github.com/abusech/urlhaus/blob/master/clamav.sh
|
||||
#
|
||||
|
||||
CLAMDIR="{{ clamav_signatures_db_dir }}"
|
||||
CLAMUSER="{{ clamav_clamd_user }}"
|
||||
CLAMGROUP="{{ clamav_clamd_user }}"
|
||||
|
||||
tmpdir=/var/tmp
|
||||
tmp_urlhaus="$tmpdir/urlhaus"
|
||||
|
||||
current_user=$( id -u -n )
|
||||
if [ "$current_user" != "$CLAMUSER" ] ; then
|
||||
logger "urlhaus-signatures: must run as user $CLAMUSER"
|
||||
echo "Must run as user $CLAMUSER"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
RELOAD=0
|
||||
|
||||
lockfile -r 0 /tmp/local.the.lock 2>/dev/null || exit 1
|
||||
|
||||
rm -rf $tmp_urlhaus
|
||||
mkdir $tmp_urlhaus
|
||||
|
||||
curl -s https://urlhaus.abuse.ch/downloads/urlhaus.ndb -o $tmp_urlhaus/urlhaus.ndb
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
clamscan --quiet -d $tmp_urlhaus $tmp_urlhaus 2>&1 >/dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
if [ -f "$CLAMDIR"/urlhaus.ndb ]; then
|
||||
MD5old=`md5sum "$CLAMDIR"/urlhaus.ndb`
|
||||
MD5new=`md5sum $tmp_urlhaus/urlhaus.ndb`
|
||||
if ! [ "$MD5old" = "$MD5new" ]; then
|
||||
# Updated file
|
||||
cp $tmp_urlhaus/urlhaus.ndb $CLAMDIR
|
||||
RELOAD=1
|
||||
fi
|
||||
else
|
||||
# Looks like it's the first run
|
||||
cp $tmp_urlhaus/urlhaus.ndb $CLAMDIR
|
||||
chown $CLAMUSER.$CLAMGROUP "$CLAMDIR"/urlhaus.ndb
|
||||
RELOAD=1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $RELOAD -eq 1 ]; then
|
||||
clamdscan --reload
|
||||
fi
|
||||
|
||||
rm -rf $tmp_urlhaus
|
||||
rm -f /tmp/local.the.lock
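Review bot: The work directory `/var/tmp/urlhaus` and the lock `/tmp/local.the.lock` are fixed names in world-writable directories, so any local account can pre-create the lock and stop signature updates, and the `rm -rf` / `mkdir` sequence on a predictable path is open to the usual temp-directory races; a `mktemp -d` directory and a lock under a path only the clamav user can write would close that. The `md5sum` comparison also never matches, because `md5sum FILE` prints the file name after the digest and the two paths differ, so every run copies the database and calls `clamdscan --reload`; `cmp -s` on the two files gives the intended test. `curl -s` without `--fail` exits 0 on an HTTP error page, leaving the clamscan load check as the only guard, and a run that is killed leaves the lock behind with nothing to expire it. The fence sketches these changes, with an EXIT trap replacing the two `rm` lines at the end of the script.

```shell
# … unchanged: CLAMDIR/CLAMUSER/CLAMGROUP settings, tmpdir and the run-as-user check …
lock="$CLAMDIR/.urlhaus.lock"
lockfile -r 0 "$lock" 2>/dev/null || exit 1
tmp_urlhaus=$(mktemp -d "$tmpdir/urlhaus.XXXXXX") || { rm -f "$lock"; exit 1; }
trap 'rm -rf "$tmp_urlhaus"; rm -f "$lock"' EXIT

curl -s --fail https://urlhaus.abuse.ch/downloads/urlhaus.ndb -o "$tmp_urlhaus/urlhaus.ndb"
# … unchanged: exit-status check and clamscan validation of the download …
        if ! cmp -s "$CLAMDIR/urlhaus.ndb" "$tmp_urlhaus/urlhaus.ndb"; then
# … unchanged: copy into $CLAMDIR, RELOAD handling and clamdscan --reload …
```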
|
|
@ -1,2 +1,5 @@
|
|||
---
|
||||
# vars file for ansible-role-template
|
||||
clamav_clamd_user: clamscan
|
||||
clamav_clamd_conf_dir: '/etc/clamd.d'
|
||||
clamav_clamd_conf_file: '{{ clamav_clamd_conf_dir }}/scan.conf'
|
||||
clamav_signatures_db_dir: '/var/lib/clamav'
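Review bot: `clamav_clamd_user`, `clamav_clamd_conf_dir`, `clamav_clamd_conf_file` and `clamav_signatures_db_dir` appear to move here from the role defaults, which raises their precedence above inventory and group/host variables; an existing override of the database directory or the clamd user would then be silently ignored. If they are meant to stay tunable, keep them in the defaults file; if they are deliberately fixed, say so with a comment such as `# Not overridable: user and paths are fixed by the distribution packages`. The header comment `# vars file for ansible-role-template` is still the skeleton text and could name this role.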
|
||||
|
|