Support for the urlhaus signatures.
This commit is contained in:
parent
6bc0bc5b28
commit
219686f57a
|
@ -6,6 +6,8 @@ clamav_install: True
|
||||||
clamav_milter_install: False
|
clamav_milter_install: False
|
||||||
clamav_clamd_spamassassin_service: False
|
clamav_clamd_spamassassin_service: False
|
||||||
clamav_unofficial_sigs_install: '{{ clamav_install }}'
|
clamav_unofficial_sigs_install: '{{ clamav_install }}'
|
||||||
|
# See https://urlhaus.abuse.ch/api/#clamav
|
||||||
|
clamav_urlhaus_signatures_install: '{{ clamav_install }}'
|
||||||
|
|
||||||
clamav_rh_pkgs:
|
clamav_rh_pkgs:
|
||||||
- clamd
|
- clamd
|
||||||
|
@ -22,14 +24,10 @@ clamav_unofficial_sigs_rh_pkgs:
|
||||||
- clamav-unofficial-sigs
|
- clamav-unofficial-sigs
|
||||||
- perl
|
- perl
|
||||||
|
|
||||||
clamav_signatures_db_dir: '/var/lib/clamav'
|
|
||||||
clamav_signatures_dbs_to_wipe: []
|
clamav_signatures_dbs_to_wipe: []
|
||||||
# - 'scamnailer.ndb'
|
# - 'scamnailer.ndb'
|
||||||
clamav_signatures_whitelist_file: 'local_whitelist.ign2'
|
clamav_signatures_whitelist_file: 'local_whitelist.ign2'
|
||||||
clamav_signatures_whitelist: []
|
clamav_signatures_whitelist: []
|
||||||
clamav_clamd_user: clamscan
|
|
||||||
clamav_clamd_conf_dir: '/etc/clamd.d'
|
|
||||||
clamav_clamd_conf_file: '{{ clamav_clamd_conf_dir }}/scan.conf'
|
|
||||||
|
|
||||||
# Main service (clamd@scan)
|
# Main service (clamd@scan)
|
||||||
clamav_clamd_verbose_logging: 'yes'
|
clamav_clamd_verbose_logging: 'yes'
|
||||||
|
|
|
@ -78,7 +78,58 @@
|
||||||
when: clamav_unofficial_sigs_install | bool
|
when: clamav_unofficial_sigs_install | bool
|
||||||
tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_unofficial_sigs' ]
|
tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_unofficial_sigs' ]
|
||||||
|
|
||||||
- name: Configure clamav milter
|
- name: Manage the clamav urlhaus signatures
|
||||||
|
block:
|
||||||
|
- name: Install the procmail package on RH based systems
|
||||||
|
yum: pkg=procmail state=present
|
||||||
|
when: ansible_distribution_file_variety == "RedHat"
|
||||||
|
|
||||||
|
- name: Install the clamav urlhaus script
|
||||||
|
template: src=urlhaus-signatures.j2 dest=/usr/local/bin/clamav-urlhaus-signatures owner=root group=root mode='0755'
|
||||||
|
|
||||||
|
- name: Install a cron job that downloads the urlhaus signatures
|
||||||
|
cron:
|
||||||
|
cron_file: clamav-urlhaus
|
||||||
|
minute: '*'
|
||||||
|
hour: '*'
|
||||||
|
day: '*'
|
||||||
|
weekday: '*'
|
||||||
|
month: '*'
|
||||||
|
disabled: no
|
||||||
|
job: "/usr/local/bin/clamav-urlhaus-signatures >/dev/null 2>& 1"
|
||||||
|
user: "{{ clamav_clamd_user }}"
|
||||||
|
name: 'manage-urlhaus-signatures'
|
||||||
|
state: present
|
||||||
|
|
||||||
|
when: clamav_urlhaus_signatures_install
|
||||||
|
tags: [ 'clamav', 'clamav_urlhaus' ]
|
||||||
|
|
||||||
|
- name: Manage the clamav urlhaus signatures
|
||||||
|
block:
|
||||||
|
- name: Install the clamav urlhaus script
|
||||||
|
file: dest=/usr/local/bin/clamav-urlhaus-signatures state=absent
|
||||||
|
|
||||||
|
- name: Install the clamav urlhaus script
|
||||||
|
file: dest={{ clamav_signatures_db_dir }}/urlhaus.ndb state=absent
|
||||||
|
|
||||||
|
- name: Remove the cron job that downloads the urlhaus signatures
|
||||||
|
cron:
|
||||||
|
cron_file: clamav-urlhaus
|
||||||
|
minute: '*'
|
||||||
|
hour: '*'
|
||||||
|
day: '*'
|
||||||
|
weekday: '*'
|
||||||
|
month: '*'
|
||||||
|
disabled: no
|
||||||
|
job: "/usr/local/bin/clamav-urlhaus-signatures >/dev/null 2>& 1"
|
||||||
|
user: "{{ clamav_clamd_user }}"
|
||||||
|
name: 'manage-urlhaus-signatures'
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
when: not clamav_urlhaus_signatures_install
|
||||||
|
tags: [ 'clamav', 'clamav_urlhaus' ]
|
||||||
|
|
||||||
|
- name: Configure the clamav milter
|
||||||
block:
|
block:
|
||||||
- name: Install the clamav milter configuration
|
- name: Install the clamav milter configuration
|
||||||
template: src=clamav-milter.conf.j2 dest=/etc/mail/clamav-milter.conf owner=root group=root mode=0444
|
template: src=clamav-milter.conf.j2 dest=/etc/mail/clamav-milter.conf owner=root group=root mode=0444
|
||||||
|
|
|
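Review bot: The `procmail` package (which provides `lockfile`) is installed only `when: ansible_distribution_file_variety == "RedHat"`, yet the script that `/usr/local/bin/clamav-urlhaus-signatures` runs from cron calls `lockfile` unconditionally, so on any other distribution the job would exit before downloading anything and, with its output sent to `/dev/null`, nobody would notice; either drop the `when` or let the script fall back to `flock`. The schedule `minute: '*'` polls the remote feed sixty times an hour, which is more often than a signature feed plausibly changes; `minute: '*/15'` or an hourly run seems a safer default. `when: clamav_urlhaus_signatures_install` omits the `| bool` filter that the sibling condition at the top of the hunk uses, and since the default value is a templated string the two conditions should be written the same way. In the removal block both `file: ... state=absent` tasks are named "Install the clamav urlhaus script"; "Remove the clamav urlhaus script" and "Remove the urlhaus signature database" describe what they do. The task whose `when:` opens the hunk and the milter task that closes it both extend outside the hunk.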
@ -0,0 +1,56 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# This script updates Clamav definitions with data from URLhaus (https://urlhaus.abuse.ch/api/#clamav)
|
||||||
|
#
|
||||||
|
# The original script lives at https://github.com/abusech/urlhaus/blob/master/clamav.sh
|
||||||
|
#
|
||||||
|
|
||||||
|
CLAMDIR="{{ clamav_signatures_db_dir }}"
|
||||||
|
CLAMUSER="{{ clamav_clamd_user }}"
|
||||||
|
CLAMGROUP="{{ clamav_clamd_user }}"
|
||||||
|
|
||||||
|
tmpdir=/var/tmp
|
||||||
|
tmp_urlhaus="$tmpdir/urlhaus"
|
||||||
|
|
||||||
|
current_user=$( id -u -n )
|
||||||
|
if [ "$current_user" != "$CLAMUSER" ] ; then
|
||||||
|
logger "urlhaus-signatures: must run as user $CLAMUSER"
|
||||||
|
echo "Must run as user $CLAMUSER"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
RELOAD=0
|
||||||
|
|
||||||
|
lockfile -r 0 /tmp/local.the.lock 2>/dev/null || exit 1
|
||||||
|
|
||||||
|
rm -rf $tmp_urlhaus
|
||||||
|
mkdir $tmp_urlhaus
|
||||||
|
|
||||||
|
curl -s https://urlhaus.abuse.ch/downloads/urlhaus.ndb -o $tmp_urlhaus/urlhaus.ndb
|
||||||
|
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
clamscan --quiet -d $tmp_urlhaus $tmp_urlhaus 2>&1 >/dev/null
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
if [ -f "$CLAMDIR"/urlhaus.ndb ]; then
|
||||||
|
MD5old=`md5sum "$CLAMDIR"/urlhaus.ndb`
|
||||||
|
MD5new=`md5sum $tmp_urlhaus/urlhaus.ndb`
|
||||||
|
if ! [ "$MD5old" = "$MD5new" ]; then
|
||||||
|
# Updated file
|
||||||
|
cp $tmp_urlhaus/urlhaus.ndb $CLAMDIR
|
||||||
|
RELOAD=1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# Looks like it's the first run
|
||||||
|
cp $tmp_urlhaus/urlhaus.ndb $CLAMDIR
|
||||||
|
chown $CLAMUSER.$CLAMGROUP "$CLAMDIR"/urlhaus.ndb
|
||||||
|
RELOAD=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $RELOAD -eq 1 ]; then
|
||||||
|
clamdscan --reload
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -rf $tmp_urlhaus
|
||||||
|
rm -f /tmp/local.the.lock
|
|
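Review bot: The `MD5old`/`MD5new` test compares the full `md5sum` output, which includes the file path, so the two strings can never be equal and the signature file is re-copied and `clamdscan --reload` is run on every invocation, every minute with the cron schedule in this commit; `cmp -s` on the two files fixes that and also covers the first-run case, since it fails when `$CLAMDIR/urlhaus.ndb` does not exist. Both the lock and the scratch directory sit at fixed paths in world-writable directories: any local user can create `/tmp/local.the.lock` to stop updates indefinitely (`lockfile -r 0` has no stale-lock timeout and the failure is silent under cron), and a pre-created `/var/tmp/urlhaus` lets that user swap the file between the `clamscan` validation and the `cp` into `$CLAMDIR`. `curl -s` without `-f` treats an HTTP error page as a successful download, leaving only the clamscan check between it and the database directory, and `2>&1 >/dev/null` on the clamscan line discards stdout while keeping stderr, which looks like the reverse of what was intended. The rewrite below uses `mktemp -d`, a lock file under `$CLAMDIR` (or another directory only `$CLAMUSER` can write to) with a `-l` timeout, a `trap` for cleanup and `curl -fsS`; the `chown` in the first-run branch is redundant because the script already refuses to run as anyone but `$CLAMUSER`.
```shell
# … unchanged: header, CLAMDIR/CLAMUSER/CLAMGROUP, must-run-as-CLAMUSER check …

RELOAD=0
LOCK="$CLAMDIR/.urlhaus.lock"

# Lock and scratch space must not live at fixed paths in /tmp or /var/tmp,
# where any local user can pre-create them; -l expires a lock left by a killed run.
lockfile -r 0 -l 600 "$LOCK" 2>/dev/null || exit 1
tmp_urlhaus=$( mktemp -d ) || { rm -f "$LOCK"; exit 1; }
trap 'rm -rf "$tmp_urlhaus"; rm -f "$LOCK"' EXIT

# -f: an HTTP error is a failure, not an error page saved as a database
if curl -fsS --max-time 120 https://urlhaus.abuse.ch/downloads/urlhaus.ndb -o "$tmp_urlhaus/urlhaus.ndb"; then
    if clamscan --quiet -d "$tmp_urlhaus" "$tmp_urlhaus" >/dev/null 2>&1; then
        # cmp compares contents; md5sum output embeds the path and never matches.
        # A missing installed file (first run) also fails cmp and triggers the copy.
        if ! cmp -s "$tmp_urlhaus/urlhaus.ndb" "$CLAMDIR/urlhaus.ndb"; then
            cp "$tmp_urlhaus/urlhaus.ndb" "$CLAMDIR/urlhaus.ndb"
            RELOAD=1
        fi
    fi
fi

# … unchanged: clamdscan --reload when RELOAD=1 (cleanup now handled by the trap) …
```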
@ -1,2 +1,5 @@
|
||||||
---
|
---
|
||||||
# vars file for ansible-role-template
|
clamav_clamd_user: clamscan
|
||||||
|
clamav_clamd_conf_dir: '/etc/clamd.d'
|
||||||
|
clamav_clamd_conf_file: '{{ clamav_clamd_conf_dir }}/scan.conf'
|
||||||
|
clamav_signatures_db_dir: '/var/lib/clamav'
|
||||||
|
|
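Review bot: Moving `clamav_clamd_user`, `clamav_clamd_conf_dir`, `clamav_clamd_conf_file` and `clamav_signatures_db_dir` from the defaults file (where the earlier hunk removes them) into the role's vars file raises their precedence above inventory and group_vars, so a deployment whose clamd runs under a different account or keeps its databases elsewhere can no longer override them without extra-vars or role parameters. That matters here because the new cron job runs as `clamav_clamd_user` and the signature script writes into `clamav_signatures_db_dir`, and a mismatch fails silently under cron. If these are meant to be fixed, a comment saying so would help, e.g. `# Fixed for this role's supported platforms; not intended to be overridden from inventory`; otherwise they belong back in defaults.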