Add a signature whitelist file
This commit is contained in:
parent
21768f0ec1
commit
b6a5034354
|
@ -23,9 +23,10 @@ clamav_unofficial_sigs_rh_pkgs:
|
|||
- perl
|
||||
|
||||
clamav_signatures_db_dir: '/var/lib/clamav'
|
||||
clamav_signatures_dbs_to_wipe:
|
||||
- 'scamnailer.ndb'
|
||||
|
||||
clamav_signatures_dbs_to_wipe: []
|
||||
# - 'scamnailer.ndb'
|
||||
clamav_signatures_whitelist_file: 'local_whitelist.ign2'
|
||||
clamav_signatures_whitelist: []
|
||||
clamav_clamd_user: clamscan
|
||||
clamav_clamd_conf_dir: '/etc/clamd.d'
|
||||
clamav_clamd_conf_file: '{{ clamav_clamd_conf_dir }}/scan.conf'
|
||||
|
|
|
@ -37,8 +37,14 @@
|
|||
- name: Remove some signature files that are broken.
|
||||
file: dest={{ clamav_signatures_db_dir }}/{{ item }} state=absent
|
||||
with_items: '{{ clamav_signatures_dbs_to_wipe }}'
|
||||
notify: Restart clamd
|
||||
tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures' ]
|
||||
|
||||
- name: Install the local whitelist file
|
||||
template: src=local_whitelist.ign2.j2 dest={{ clamav_signatures_db_dir }}/{{ clamav_signatures_whitelist_file }} owner=clamscan group=clamscan mode='0444'
|
||||
notify: Restart clamd
|
||||
tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures', 'clamav_whitelist' ]
|
||||
|
||||
- name: Install a cron job that wipes the wrong signature files, just in case they reappear after an update
|
||||
cron: name="Wipe some clamav signature dbs that are broken" user=root special_time=hourly job="{% for db in clamav_signatures_dbs_to_wipe %}/bin/rm -f {{ clamav_signatures_db_dir }}/{{ db }}{% if not loop.last %}; {% endif %}{% endfor %}"
|
||||
tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures' ]
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
{% for signature in clamav_signatures_whitelist %}
|
||||
{{ signature }}
|
||||
{% endfor %}
|
Loading…
Reference in New Issue