Support for the urlhaus signatures.

defaults/main.yml

@@ -6,6 +6,8 @@ clamav_install: True
 clamav_milter_install: False
 clamav_clamd_spamassassin_service: False
 clamav_unofficial_sigs_install: '{{ clamav_install }}'
+# See https://urlhaus.abuse.ch/api/#clamav
+clamav_urlhaus_signatures_install: '{{ clamav_install }}'
 
 clamav_rh_pkgs:
   - clamd
@@ -22,14 +24,10 @@ clamav_unofficial_sigs_rh_pkgs:
   - clamav-unofficial-sigs
   - perl
 
-clamav_signatures_db_dir: '/var/lib/clamav'
 clamav_signatures_dbs_to_wipe: []
 #  - 'scamnailer.ndb'
 clamav_signatures_whitelist_file: 'local_whitelist.ign2'
 clamav_signatures_whitelist: []
-clamav_clamd_user: clamscan
-clamav_clamd_conf_dir: '/etc/clamd.d'  
-clamav_clamd_conf_file: '{{ clamav_clamd_conf_dir }}/scan.conf'  
 
 # Main service (clamd@scan)
 clamav_clamd_verbose_logging: 'yes'

tasks/main.yml

@@ -78,7 +78,58 @@
   when: clamav_unofficial_sigs_install | bool
   tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_unofficial_sigs' ]
 
-- name: Configure clamav milter
+- name: Manage the clamav urlhaus signatures
+  block:
+  - name: Install the procmail package on RH based systems
+    yum: pkg=procmail state=present
+    when: ansible_distribution_file_variety == "RedHat"
+
+  - name: Install the clamav urlhaus script
+    template: src=urlhaus-signatures.j2 dest=/usr/local/bin/clamav-urlhaus-signatures owner=root group=root mode='0755'
+
+  - name: Install a cron job that downloads the urlhaus signatures
+    cron:
+        cron_file: clamav-urlhaus
+        minute: '*'
+        hour: '*'
+        day: '*'
+        weekday: '*'
+        month: '*'
+        disabled: no
+        job: "/usr/local/bin/clamav-urlhaus-signatures >/dev/null 2>& 1"
+        user: "{{ clamav_clamd_user }}"
+        name: 'manage-urlhaus-signatures'
+        state: present
+
+  when: clamav_urlhaus_signatures_install
+  tags: [ 'clamav', 'clamav_urlhaus' ]
+
+- name: Manage the clamav urlhaus signatures
+  block:
+  - name: Install the clamav urlhaus script
+    file: dest=/usr/local/bin/clamav-urlhaus-signatures state=absent
+
+  - name: Install the clamav urlhaus script
+    file: dest={{ clamav_signatures_db_dir }}/urlhaus.ndb state=absent
+
+  - name: Remove the cron job that downloads the urlhaus signatures
+    cron:
+        cron_file: clamav-urlhaus
+        minute: '*'
+        hour: '*'
+        day: '*'
+        weekday: '*'
+        month: '*'
+        disabled: no
+        job: "/usr/local/bin/clamav-urlhaus-signatures >/dev/null 2>& 1"
+        user: "{{ clamav_clamd_user }}"
+        name: 'manage-urlhaus-signatures'
+        state: absent
+
+  when: not clamav_urlhaus_signatures_install
+  tags: [ 'clamav', 'clamav_urlhaus' ]
+
+- name: Configure the clamav milter
   block:
   - name: Install the clamav milter configuration
     template: src=clamav-milter.conf.j2 dest=/etc/mail/clamav-milter.conf owner=root group=root mode=0444

templates/urlhaus-signatures.j2

@@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# This script updates Clamav definitions with data from URLhaus (https://urlhaus.abuse.ch/api/#clamav)
+#
+# The original script lives at https://github.com/abusech/urlhaus/blob/master/clamav.sh
+#
+
+CLAMDIR="{{ clamav_signatures_db_dir }}"
+CLAMUSER="{{ clamav_clamd_user }}"
+CLAMGROUP="{{ clamav_clamd_user }}"
+
+tmpdir=/var/tmp
+tmp_urlhaus="$tmpdir/urlhaus"
+
+current_user=$( id -u -n )
+if [ "$current_user" != "$CLAMUSER" ] ; then
+    logger "urlhaus-signatures: must run as user $CLAMUSER"
+    echo "Must run as user $CLAMUSER"
+    exit 1
+fi 
+
+RELOAD=0
+
+lockfile -r 0 /tmp/local.the.lock 2>/dev/null || exit 1
+
+rm -rf $tmp_urlhaus
+mkdir $tmp_urlhaus
+
+curl -s https://urlhaus.abuse.ch/downloads/urlhaus.ndb -o $tmp_urlhaus/urlhaus.ndb
+
+if [ $? -eq 0 ]; then
+  clamscan --quiet -d $tmp_urlhaus $tmp_urlhaus 2>&1 >/dev/null
+  if [ $? -eq 0 ]; then
+    if [ -f "$CLAMDIR"/urlhaus.ndb ]; then
+      MD5old=`md5sum "$CLAMDIR"/urlhaus.ndb`
+      MD5new=`md5sum $tmp_urlhaus/urlhaus.ndb`
+      if ! [ "$MD5old" = "$MD5new" ]; then
+        # Updated file
+        cp $tmp_urlhaus/urlhaus.ndb $CLAMDIR
+        RELOAD=1
+      fi
+    else
+      # Looks like it's the first run
+      cp $tmp_urlhaus/urlhaus.ndb $CLAMDIR
+      chown $CLAMUSER.$CLAMGROUP "$CLAMDIR"/urlhaus.ndb
+      RELOAD=1
+    fi
+  fi
+fi
+
+if [ $RELOAD -eq 1 ]; then
+  clamdscan --reload
+fi
+
+rm -rf $tmp_urlhaus
+rm -f /tmp/local.the.lock

vars/main.yml

@@ -1,2 +1,5 @@
 ---
-# vars file for ansible-role-template
+clamav_clamd_user: clamscan
+clamav_clamd_conf_dir: '/etc/clamd.d'  
+clamav_clamd_conf_file: '{{ clamav_clamd_conf_dir }}/scan.conf'  
+clamav_signatures_db_dir: '/var/lib/clamav'