---
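# Install the ClamAV package sets on Red Hat family hosts. Every package set
# has its own clamav_*_install switch, so a host can take clamd without the
# unofficial signatures or the milter.
# Module arguments are written as native YAML mappings rather than key=value
# strings, so each templated value stays bound to exactly one parameter and a
# list variable is passed to yum as a list.
- name: Install the clamav packages
  block:
    - name: Install the clamav packages on RH based systems
      yum:
        name: '{{ clamav_rh_pkgs }}'
        state: present
      when: clamav_install | bool

    - name: Install the clamav unofficial signature packages on RH based systems
      yum:
        name: '{{ clamav_unofficial_sigs_rh_pkgs }}'
        state: present
      when: clamav_unofficial_sigs_install | bool

    - name: Install the clamav milter packages on RH based systems
      yum:
        name: '{{ clamav_milter_rh_pkgs }}'
        state: present
      when: clamav_milter_install | bool

  # The whole block is skipped on anything that is not a Red Hat variant.
  when: ansible_distribution_file_variety == "RedHat"
  tags: ['clamav', 'clamav_clamd']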
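# Configure clamd and freshclam, prepare the signature directory, start the
# scanner service and keep a list of known-broken signature databases removed.
# Module arguments are native YAML mappings; octal modes are quoted so they are
# passed as strings and never re-interpreted as numbers.
- name: Configure freshclam and clamd
  block:
    - name: Install the clamd configuration
      template:
        src: scan.conf.j2
        dest: '{{ clamav_clamd_conf_file }}'
        owner: root
        group: root
        mode: '0444'
      notify: Restart clamd

    # Mode 0400 with owner root: only root can read this file.
    - name: Install the freshclam configuration
      template:
        src: freshclam.conf.j2
        dest: /etc/freshclam.conf
        owner: root
        group: root
        mode: '0400'

    # g=rwsx gives the clamupdate group write access and sets the setgid bit
    # on the directory.
    - name: Change the /var/lib/clamav permissions so that freshclam can write into it
      file:
        path: /var/lib/clamav
        state: directory
        owner: clamscan
        group: clamupdate
        mode: 'u=rwx,g=rwsx,o=rx'

    # append keeps the groups the account already has; clamscan is only added.
    - name: Add the clamupdate user to the clamscan group so that it can update the signatures
      user:
        name: clamupdate
        groups: clamscan
        append: true

    - name: Ensure that the clamd service is running and enabled
      service:
        name: clamd@scan
        state: started
        enabled: true

    - name: Remove some signature files that are broken.
      file:
        path: '{{ clamav_signatures_db_dir }}/{{ item }}'
        state: absent
      with_items: '{{ clamav_signatures_dbs_to_wipe }}'
      tags: ['clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures']

    # The job is one shell line executed hourly as root. Each path goes through
    # the quote filter so that a directory or file name containing whitespace
    # or shell metacharacters is passed to rm as a single argument instead of
    # being interpreted by the shell. Plain names render exactly as before.
    # NOTE(review): an empty clamav_signatures_dbs_to_wipe renders an empty
    # job string; confirm the list is never empty where this task runs.
    - name: Install a cron job that wipes the wrong signature files, just in case they reappear after an update
      cron:
        name: Wipe some clamav signature dbs that are broken
        user: root
        special_time: hourly
        job: "{% for db in clamav_signatures_dbs_to_wipe %}/bin/rm -f {{ (clamav_signatures_db_dir ~ '/' ~ db) | quote }}{% if not loop.last %}; {% endif %}{% endfor %}"
      tags: ['clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures']

  when: clamav_install | bool
  tags: ['clamav', 'clamav_clamd', 'clamav_config']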
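# Configure the unofficial signature updater and keep a list of known-broken
# unofficial signature databases empty.
# Module arguments are native YAML mappings; the octal mode is quoted so it is
# passed as a string.
- name: Configure clamav unofficial sigs
  block:
    - name: Install the unofficial sigs configuration files
      template:
        src: '{{ item }}.j2'
        dest: '/etc/clamav-unofficial-sigs/{{ item }}'
        owner: root
        group: root
        mode: '0444'
      with_items:
        - os.conf
        - user.conf

    # Replaces each listed database with a zero-byte file. owner, group and
    # mode are not set here, so the module's defaults apply.
    - name: Wipe some unofficial signature files that are broken. Disabling them seems not enough
      copy:
        content: ''
        dest: '{{ clamav_additional_signatures_db_dir }}/{{ item }}'
        force: true
      with_items: '{{ clamav_additional_signatures_dbs_to_wipe }}'
      notify: Restart clamd

    # The job truncates with ': >' so that the result is a zero-byte file,
    # the same content the copy task above installs. The previous "echo ''"
    # wrote a single newline, which made the copy task report a change and
    # notify "Restart clamd" on every run that followed the cron job.
    # Each path goes through the quote filter so that a name containing
    # whitespace or shell metacharacters stays a single redirect target.
    # NOTE(review): this runs as root and a shell redirect follows symlinks.
    # Confirm that clamav_additional_signatures_db_dir is writable only by
    # root; if a service account can write there, run the job as that account.
    - name: Install a cron job that wipes the wrong unofficial signature files, just in case they reappear after an update
      cron:
        name: Wipe some unofficial clamav signature dbs that are broken
        user: root
        special_time: hourly
        job: "{% for db in clamav_additional_signatures_dbs_to_wipe %}: > {{ (clamav_additional_signatures_db_dir ~ '/' ~ db) | quote }}{% if not loop.last %}; {% endif %}{% endfor %}"

  when: clamav_unofficial_sigs_install | bool
  tags: ['clamav', 'clamav_clamd', 'clamav_config', 'clamav_unofficial_sigs']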
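# Install the milter configuration and keep the milter service running.
# Module arguments are native YAML mappings; the octal mode is quoted so it is
# passed as a string.
- name: Configure clamav milter
  block:
    # A changed configuration file triggers the "Restart clamav-milter" handler.
    - name: Install the clamav milter configuration
      template:
        src: clamav-milter.conf.j2
        dest: /etc/mail/clamav-milter.conf
        owner: root
        group: root
        mode: '0444'
      notify: Restart clamav-milter

    - name: Ensure that clamav milter is running and enabled
      service:
        name: clamav-milter
        state: started
        enabled: true

  when: clamav_milter_install | bool
  tags: ['clamav', 'clamav_clamd', 'clamav_config']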