Support custom URLs in fresclam.conf.
This commit is contained in:
parent
219686f57a
commit
4979969ad4
|
@ -2,9 +2,9 @@
|
|||
#
|
||||
# clamd wants a lot of RAM at startup time. Ensure to have at least 4GB of available memory
|
||||
#
|
||||
clamav_install: True
|
||||
clamav_milter_install: False
|
||||
clamav_clamd_spamassassin_service: False
|
||||
clamav_install: true
|
||||
clamav_milter_install: false
|
||||
clamav_clamd_spamassassin_service: false
|
||||
clamav_unofficial_sigs_install: '{{ clamav_install }}'
|
||||
# See https://urlhaus.abuse.ch/api/#clamav
|
||||
clamav_urlhaus_signatures_install: '{{ clamav_install }}'
|
||||
|
@ -36,16 +36,16 @@ clamav_clamd_pidfile: '/run/clamd.scan/clamd.pid'
|
|||
clamav_clamd_tmp: '/var/tmp'
|
||||
clamav_clamd_official_db_only: 'no'
|
||||
clamav_clamd_alert_exceeding_max: 'no'
|
||||
clamav_clamd_use_local_socket: True
|
||||
clamav_clamd_use_local_socket: true
|
||||
clamav_clamd_local_socket: '/run/clamd.scan/clamd.sock'
|
||||
clamav_clamd_use_net_socket: False
|
||||
clamav_clamd_use_net_socket: false
|
||||
clamav_clamd_net_socket_port: 3310
|
||||
clamav_clamd_net_main_socket_addr: '127.0.0.1'
|
||||
clamav_clamd_net_socket_addrs:
|
||||
- '{{ clamav_clamd_net_main_socket_addr }}'
|
||||
# Set this to your MTA max message size. Expressed in MB (M)
|
||||
clamav_clamd_stream_max_lenght: 25
|
||||
clamav_clamd_detect_pua: True
|
||||
clamav_clamd_detect_pua: true
|
||||
clamav_clamd_heuristic_alert: 'yes'
|
||||
clamav_clamd_heuristic_has_precedence: 'no'
|
||||
clamav_clamd_heuristic_broken_executable: 'no'
|
||||
|
@ -53,7 +53,7 @@ clamav_clamd_heuristic_ole_macros: 'no'
|
|||
clamav_clamd_heuristic_phishing_ssl_mismatch: 'no'
|
||||
clamav_clamd_heuristic_phishing_cloak: 'no'
|
||||
clamav_clamd_heuristic_partition_intersection: 'no'
|
||||
clamav_clamd_additional_doc_scanning: True
|
||||
clamav_clamd_additional_doc_scanning: true
|
||||
clamav_clamd_email_scan: 'yes'
|
||||
clamav_clamd_html_scan: 'yes'
|
||||
clamav_clamd_archives_scan: 'yes'
|
||||
|
@ -67,16 +67,16 @@ clamav_clamd_spamassassin_extended_info: 'yes'
|
|||
clamav_clamd_spamassassin_pidfile: '/run/clamd.spamassassin/clamd.pid'
|
||||
clamav_clamd_spamassassin_tmp: '/var/tmp'
|
||||
clamav_clamd_spamassassin_official_db_only: 'no'
|
||||
clamav_clamd_spamassassin_use_local_socket: True
|
||||
clamav_clamd_spamassassin_use_local_socket: true
|
||||
clamav_clamd_spamassassin_local_socket: '/run/clamd.spamassassin/clamd.sock'
|
||||
clamav_clamd_spamassassin_use_net_socket: False
|
||||
clamav_clamd_spamassassin_use_net_socket: false
|
||||
clamav_clamd_spamassassin_net_socket_port: 3311
|
||||
clamav_clamd_spamassassin_net_main_socket_addr: '127.0.0.1'
|
||||
clamav_clamd_spamassassin_net_socket_addrs:
|
||||
- '{{ clamav_clamd_spamassassin_net_main_socket_addr }}'
|
||||
clamav_clamd_spamassassin_stream_max_lenght: 25
|
||||
clamav_clamd_spamassassin_user: '{{ clamav_clamd_user }}'
|
||||
clamav_clamd_spamassassin_detect_pua: True
|
||||
clamav_clamd_spamassassin_detect_pua: true
|
||||
clamav_clamd_spamassassin_heuristic_alert: 'yes'
|
||||
clamav_clamd_spamassassin_heuristic_has_precedence: 'no'
|
||||
clamav_clamd_spamassassin_heuristic_broken_executable: 'yes'
|
||||
|
@ -84,7 +84,7 @@ clamav_clamd_spamassassin_heuristic_ole_macros: 'yes'
|
|||
clamav_clamd_spamassassin_heuristic_phishing_ssl_mismatch: 'yes'
|
||||
clamav_clamd_spamassassin_heuristic_phishing_cloak: 'yes'
|
||||
clamav_clamd_spamassassin_heuristic_partition_intersection: 'yes'
|
||||
clamav_clamd_spamassassin_additional_doc_scanning: True
|
||||
clamav_clamd_spamassassin_additional_doc_scanning: true
|
||||
clamav_clamd_spamassassin_email_scan: 'yes'
|
||||
clamav_clamd_spamassassin_html_scan: 'yes'
|
||||
clamav_clamd_spamassassin_archives_scan: 'yes'
|
||||
|
@ -96,8 +96,8 @@ clamav_clamd_spamassassin_bytecode_security: 'TrustSigned'
|
|||
#
|
||||
# Unofficial signatures
|
||||
#
|
||||
clamav_additional_signatures_use_proxy: False
|
||||
clamav_additional_signatures_use_proxy_auth: False
|
||||
clamav_additional_signatures_use_proxy: false
|
||||
clamav_additional_signatures_use_proxy_auth: false
|
||||
clamav_additional_signatures_proxy_host: ''
|
||||
clamav_additional_signatures_proxy_port: 3128
|
||||
clamav_additional_signatures_proxy_user: ''
|
||||
|
@ -108,34 +108,73 @@ clamav_additional_signatures_dbs_to_wipe:
|
|||
|
||||
# Freshclam
|
||||
clamav_freshclam_check_frequency: 12
|
||||
clamav_freshclam_use_proxy: False
|
||||
clamav_freshclam_use_proxy_auth: False
|
||||
clamav_freshclam_use_proxy: false
|
||||
clamav_freshclam_use_proxy_auth: false
|
||||
clamav_freshclam_proxy_host: ''
|
||||
clamav_freshclam_proxy_port: 3128
|
||||
clamav_freshclam_proxy_user: ''
|
||||
clamav_freshclam_proxy_pwd: ''
|
||||
clamav_freshclam_reload_clamd: True
|
||||
clamav_freshclam_reload_clamd: true
|
||||
clamav_freshclam_enable_safebrowsing: 'no'
|
||||
clamav_freshclam_enable_bytecode: 'yes'
|
||||
#clamav_freshclam_additional_databases:
|
||||
# - ''
|
||||
# - ''
|
||||
# clamav_freshclam_additional_databases:
|
||||
# - ''
|
||||
# - ''
|
||||
clamav_freshclam_custom_urls: []
|
||||
# Sanesecurity + Foxhole
|
||||
# - http://ftp.swin.edu.au/sanesecurity/junk.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/phish.ndb
|
||||
# #- http://ftp.swin.edu.au/sanesecurity/rogue.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
|
||||
# - http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
|
||||
# - http://ftp.swin.edu.au/sanesecurity/scam.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/blurl.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/badmacro.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/shelter.ldb
|
||||
# winnow
|
||||
# - http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
|
||||
# Malware.expert
|
||||
# - http://ftp.swin.edu.au/sanesecurity/malware.expert.hdb
|
||||
# bofhland
|
||||
# - http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
|
||||
# Porcupine
|
||||
# - http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
|
||||
# - http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
|
||||
|
||||
# tcp example: inet:7357@127.0.0.1
|
||||
clamav_milter_socket: 'local:/run/clamav-milter/clamav-milter.socket'
|
||||
clamav_milter_use_whitelist_file: False
|
||||
clamav_milter_use_whitelist_file: false
|
||||
clamav_milter_whitelist_file: '/etc/mail/clamav-whitelist'
|
||||
clamav_milter_use_skip_authenticated_file: False
|
||||
clamav_milter_use_skip_authenticated_file: false
|
||||
clamav_milter_skip_authenticated_file: '/etc/mail/clamav-skip-authenticated'
|
||||
clamav_milter_onclean_action: 'Accept'
|
||||
clamav_milter_oninfected_action: 'Reject'
|
||||
clamav_milter_onfail_action: 'Defer'
|
||||
clamav_milter_send_reject_msg: True
|
||||
clamav_milter_send_reject_msg: true
|
||||
clamav_milter_reject_msg: 'Virus %v present, email rejected!'
|
||||
clamav_milter_add_header: True
|
||||
clamav_milter_add_header: true
|
||||
clamav_milter_add_header_action: 'Add'
|
||||
clamav_milter_report_hostname: '{{ ansible_fqdn }}'
|
||||
clamav_milter_clamd_net_socket_addrs:
|
||||
- { addr: '{{ clamav_clamd_net_main_socket_addr }}', port: '{{ clamav_clamd_net_socket_port }}' }
|
||||
|
||||
|
||||
- {addr: '{{ clamav_clamd_net_main_socket_addr }}', port: '{{ clamav_clamd_net_socket_port }}'}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# Path to the database directory.
|
||||
# WARNING: It must match clamd.conf's directive!
|
||||
# WARNING: It must match clamd.conf directive!
|
||||
# Default: hardcoded (depends on installation options)
|
||||
DatabaseDirectory /var/lib/clamav
|
||||
|
||||
|
@ -11,7 +11,7 @@ DatabaseDirectory /var/lib/clamav
|
|||
# Value of 0 disables the limit.
|
||||
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
|
||||
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
|
||||
# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
|
||||
# in bytes just do not use modifiers. If LogFileMaxSize is enabled,
|
||||
# log rotation (the LogRotate option) will always be enabled.
|
||||
# Default: 1M
|
||||
#LogFileMaxSize 2M
|
||||
|
@ -50,7 +50,7 @@ DatabaseOwner {{ clamav_clamd_user }}
|
|||
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
|
||||
# to verify database and software versions. With this directive you can change
|
||||
# the database verification domain.
|
||||
# WARNING: Do not touch it unless you're configuring freshclam to use your
|
||||
# WARNING: Do not touch it unless you are configuring freshclam to use your
|
||||
# own database verification domain.
|
||||
# Default: current.cvd.clamav.net
|
||||
DNSDatabaseInfo current.cvd.clamav.net
|
||||
|
@ -65,7 +65,7 @@ DatabaseMirror database.clamav.net
|
|||
# Default: 3 (per mirror)
|
||||
#MaxAttempts 5
|
||||
|
||||
# With this option you can control scripted updates. It's highly recommended
|
||||
# With this option you can control scripted updates. It is highly recommended
|
||||
# to keep it enabled.
|
||||
# Default: yes
|
||||
ScriptedUpdates yes
|
||||
|
@ -81,6 +81,9 @@ ScriptedUpdates yes
|
|||
# Default: no custom URLs
|
||||
#DatabaseCustomURL http://myserver.com/mysigs.ndb
|
||||
#DatabaseCustomURL file:///mnt/nfs/local.hdb
|
||||
{% for clam_custom_url in clamav_freshclam_custom_urls %}
|
||||
DatabaseCustomURL {{ clam_custom_url }}
|
||||
{% endfor %}
|
||||
|
||||
# This option allows you to easily point freshclam to private mirrors.
|
||||
# If PrivateMirror is set, freshclam does not attempt to use DNS
|
||||
|
@ -118,7 +121,7 @@ HTTPProxyPassword {{ clamav_freshclam_proxy_pwd }}
|
|||
|
||||
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
|
||||
# multi-homed systems.
|
||||
# Default: Use OS'es default outgoing IP address.
|
||||
# Default: Use OS default outgoing IP address.
|
||||
#LocalIPAddress aaa.bbb.ccc.ddd
|
||||
|
||||
{% if clamav_freshclam_reload_clamd %}
|
||||
|
@ -140,7 +143,7 @@ NotifyClamd {{ clamav_clamd_conf_file }}
|
|||
# Default: disabled
|
||||
#OnOutdatedExecute command
|
||||
|
||||
# Don't fork into background.
|
||||
# Do not fork into background.
|
||||
# Default: no
|
||||
#Foreground yes
|
||||
|
||||
|
@ -168,9 +171,9 @@ NotifyClamd {{ clamav_clamd_conf_file }}
|
|||
# clamscan during the next reload, provided that the heuristic phishing
|
||||
# detection is turned on. This database includes information about websites
|
||||
# that may be phishing sites or possible sources of malware. When using this
|
||||
# option, it's mandatory to run freshclam at least every 30 minutes.
|
||||
# Freshclam uses the ClamAV's mirror infrastructure to distribute the
|
||||
# database and its updates but all the contents are provided under Google's
|
||||
# option, it is mandatory to run freshclam at least every 30 minutes.
|
||||
# Freshclam uses the ClamAV s mirror infrastructure to distribute the
|
||||
# database and its updates but all the contents are provided under Google
|
||||
# terms of use. See https://www.google.com/transparencyreport/safebrowsing
|
||||
# and https://www.clamav.net/documents/safebrowsing
|
||||
# for more information.
|
||||
|
|
Loading…
Reference in New Issue