209 lines
8.8 KiB
YAML
209 lines
8.8 KiB
YAML
---
|
|
#
|
|
# clamd wants a lot of RAM at startup time. Ensure to have at least 4GB of available memory
|
|
#
|
|
clamav_install: true
|
|
clamav_milter_install: false
|
|
clamav_clamd_spamassassin_service: false
|
|
clamav_unofficial_sigs_install: '{{ clamav_install }}'
|
|
# See https://urlhaus.abuse.ch/api/#clamav
|
|
clamav_urlhaus_signatures_install: '{{ clamav_install }}'
|
|
|
|
clamav_rh_pkgs:
|
|
- clamd
|
|
- clamav-filesystem
|
|
- clamav
|
|
- clamav-data
|
|
- clamav-lib
|
|
- clamav-update
|
|
|
|
clamav_milter_rh_pkgs:
|
|
- clamav-milter
|
|
|
|
clamav_unofficial_sigs_rh_pkgs:
|
|
- clamav-unofficial-sigs
|
|
- perl
|
|
|
|
clamav_signatures_dbs_to_wipe: []
|
|
# - 'scamnailer.ndb'
|
|
clamav_signatures_whitelist_file: 'local_whitelist.ign2'
|
|
clamav_signatures_whitelist: []
|
|
|
|
# Main service (clamd@scan)
|
|
clamav_clamd_verbose_logging: 'yes'
|
|
clamav_clamd_extended_info: 'yes'
|
|
clamav_clamd_pidfile: '/run/clamd.scan/clamd.pid'
|
|
clamav_clamd_tmp: '/var/tmp'
|
|
clamav_clamd_official_db_only: 'no'
|
|
clamav_clamd_alert_exceeding_max: 'no'
|
|
clamav_clamd_use_local_socket: true
|
|
clamav_clamd_local_socket: '/run/clamd.scan/clamd.sock'
|
|
clamav_clamd_use_net_socket: false
|
|
clamav_clamd_net_socket_port: 3310
|
|
clamav_clamd_net_main_socket_addr: '127.0.0.1'
|
|
clamav_clamd_net_socket_addrs:
|
|
- '{{ clamav_clamd_net_main_socket_addr }}'
|
|
# Set this to your MTA max message size. Expressed in MB (M)
|
|
clamav_clamd_stream_max_lenght: 25
|
|
clamav_clamd_detect_pua: true
|
|
clamav_clamd_heuristic_alert: 'yes'
|
|
clamav_clamd_heuristic_has_precedence: 'no'
|
|
clamav_clamd_heuristic_broken_executable: 'no'
|
|
clamav_clamd_heuristic_ole_macros: 'no'
|
|
clamav_clamd_heuristic_phishing_ssl_mismatch: 'no'
|
|
clamav_clamd_heuristic_phishing_cloak: 'no'
|
|
clamav_clamd_heuristic_partition_intersection: 'no'
|
|
clamav_clamd_additional_doc_scanning: true
|
|
clamav_clamd_email_scan: 'yes'
|
|
clamav_clamd_html_scan: 'yes'
|
|
clamav_clamd_archives_scan: 'yes'
|
|
clamav_clamd_max_scan_time: 120000
|
|
# Options: None, TrustSigned, Paranoid. Stick to the default
|
|
clamav_clamd_bytecode_security: 'TrustSigned'
|
|
|
|
# service used by spamassassin
|
|
clamav_clamd_spamassassin_verbose_logging: 'yes'
|
|
clamav_clamd_spamassassin_extended_info: 'yes'
|
|
clamav_clamd_spamassassin_pidfile: '/run/clamd.spamassassin/clamd.pid'
|
|
clamav_clamd_spamassassin_tmp: '/var/tmp'
|
|
clamav_clamd_spamassassin_official_db_only: 'no'
|
|
clamav_clamd_spamassassin_use_local_socket: true
|
|
clamav_clamd_spamassassin_local_socket: '/run/clamd.spamassassin/clamd.sock'
|
|
clamav_clamd_spamassassin_use_net_socket: false
|
|
clamav_clamd_spamassassin_net_socket_port: 3311
|
|
clamav_clamd_spamassassin_net_main_socket_addr: '127.0.0.1'
|
|
clamav_clamd_spamassassin_net_socket_addrs:
|
|
- '{{ clamav_clamd_spamassassin_net_main_socket_addr }}'
|
|
clamav_clamd_spamassassin_stream_max_lenght: 25
|
|
clamav_clamd_spamassassin_user: '{{ clamav_clamd_user }}'
|
|
clamav_clamd_spamassassin_detect_pua: true
|
|
clamav_clamd_spamassassin_heuristic_alert: 'yes'
|
|
clamav_clamd_spamassassin_heuristic_has_precedence: 'no'
|
|
clamav_clamd_spamassassin_heuristic_broken_executable: 'yes'
|
|
clamav_clamd_spamassassin_heuristic_ole_macros: 'yes'
|
|
clamav_clamd_spamassassin_heuristic_phishing_ssl_mismatch: 'yes'
|
|
clamav_clamd_spamassassin_heuristic_phishing_cloak: 'yes'
|
|
clamav_clamd_spamassassin_heuristic_partition_intersection: 'yes'
|
|
clamav_clamd_spamassassin_additional_doc_scanning: true
|
|
clamav_clamd_spamassassin_email_scan: 'yes'
|
|
clamav_clamd_spamassassin_html_scan: 'yes'
|
|
clamav_clamd_spamassassin_archives_scan: 'yes'
|
|
clamav_clamd_spamassassin_max_scan_time: 120000
|
|
clamav_clamd_spamassassin_alert_exceeding_max: 'yes'
|
|
# Options: None, TrustSigned, Paranoid. Stick to the default
|
|
clamav_clamd_spamassassin_bytecode_security: 'TrustSigned'
|
|
|
|
#
|
|
# Unofficial signatures
|
|
#
|
|
clamav_additional_signatures_use_proxy: false
|
|
clamav_additional_signatures_use_proxy_auth: false
|
|
clamav_additional_signatures_proxy_host: ''
|
|
clamav_additional_signatures_proxy_port: 3128
|
|
clamav_additional_signatures_proxy_user: ''
|
|
clamav_additional_signatures_proxy_pwd: ''
|
|
clamav_additional_signatures_db_dir: '/var/lib/clamav-unofficial-sigs'
|
|
clamav_additional_signatures_dbs_to_wipe:
|
|
- 'dbs-ss/scamnailer.ndb'
|
|
|
|
# Freshclam
|
|
clamav_freshclam_check_frequency: 12
|
|
clamav_freshclam_use_proxy: false
|
|
clamav_freshclam_use_proxy_auth: false
|
|
clamav_freshclam_proxy_host: ''
|
|
clamav_freshclam_proxy_port: 3128
|
|
clamav_freshclam_proxy_user: ''
|
|
clamav_freshclam_proxy_pwd: ''
|
|
clamav_freshclam_reload_clamd: true
|
|
clamav_freshclam_enable_bytecode: 'yes'
|
|
# clamav_freshclam_additional_databases:
|
|
# - ''
|
|
# - ''
|
|
clamav_freshclam_custom_urls: []
|
|
# See https://github.com/InQuest/awesome-yara for a set of curated repositories
|
|
#
|
|
# From https://gist.github.com/alsyundawy/9df58b03506bad8ccd08e06d15a8fa93
|
|
# Malware
|
|
# - https://cdn.malware.expert/malware.expert.ndb
|
|
# - https://cdn.malware.expert/malware.expert.hdb
|
|
# - https://cdn.malware.expert/malware.expert.ldb
|
|
# - https://cdn.malware.expert/malware.expert.fp
|
|
# Sanesecurity + Foxhole
|
|
# - https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-INFO-Low.ldb
|
|
# - https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-Low.ldb
|
|
# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_BlackEnergy.yara
|
|
# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_sigtest.yara
|
|
# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_spam.yara
|
|
# - https://ftp.swin.edu.au/sanesecurity/badmacro.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/blurl.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/doppelstern-phishtank.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/doppelstern.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/doppelstern.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
|
|
# - https://ftp.swin.edu.au/sanesecurity/junk.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/jurlbla.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/lott.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
|
|
# - https://ftp.swin.edu.au/sanesecurity/phish.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/rogue.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/scam.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/scamnailer.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/shelter.ldb
|
|
# - https://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
|
|
# - https://ftp.swin.edu.au/sanesecurity/spam.ldb
|
|
# - https://ftp.swin.edu.au/sanesecurity/spamattach.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/spamimg.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/spear.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/spearl.ndb
|
|
# winnow
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow.complex.patterns.ldb
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware_links.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/winnow_spam_complete.ndb
|
|
# bofhland
|
|
# - https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
|
|
# Porcupine
|
|
# - https://ftp.swin.edu.au/sanesecurity/porcupine.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/phishtank.ndb
|
|
# - https://ftp.swin.edu.au/sanesecurity/porcupine.hsb
|
|
# maldet
|
|
# - https://www.rfxn.com/downloads/rfxn.ndb
|
|
# - https://www.rfxn.com/downloads/rfxn.hdb
|
|
|
|
# tcp example: inet:7357@127.0.0.1
|
|
clamav_milter_socket: 'local:/run/clamav-milter/clamav-milter.socket'
|
|
clamav_milter_use_whitelist_file: false
|
|
clamav_milter_whitelist_file: '/etc/mail/clamav-whitelist'
|
|
clamav_milter_use_skip_authenticated_file: false
|
|
clamav_milter_skip_authenticated_file: '/etc/mail/clamav-skip-authenticated'
|
|
clamav_milter_onclean_action: 'Accept'
|
|
clamav_milter_oninfected_action: 'Reject'
|
|
clamav_milter_onfail_action: 'Defer'
|
|
clamav_milter_send_reject_msg: true
|
|
clamav_milter_reject_msg: 'Virus %v present, email rejected!'
|
|
clamav_milter_add_header: true
|
|
clamav_milter_add_header_action: 'Add'
|
|
clamav_milter_report_hostname: '{{ ansible_fqdn }}'
|
|
clamav_milter_clamd_net_socket_addrs:
|
|
- {addr: '{{ clamav_clamd_net_main_socket_addr }}', port: '{{ clamav_clamd_net_socket_port }}'}
|