diff --git a/library/roles/clamav/defaults/main.yml b/library/roles/clamav/defaults/main.yml index ebd3f869..d2f94a71 100644 --- a/library/roles/clamav/defaults/main.yml +++ b/library/roles/clamav/defaults/main.yml @@ -21,6 +21,10 @@ clamav_unofficial_sigs_rh_pkgs: - clamav-unofficial-sigs - perl +clamav_signatures_db_dir: '/var/lib/clamav' +clamav_signatures_dbs_to_wipe: + - 'scamnailer.ndb' + clamav_clamd_user: clamscan clamav_clamd_conf_file: '/etc/clamd.d/scan.conf' clamav_clamd_verbose_logging: 'yes' diff --git a/library/roles/clamav/tasks/main.yml b/library/roles/clamav/tasks/main.yml index 6f94e363..78484ae9 100644 --- a/library/roles/clamav/tasks/main.yml +++ b/library/roles/clamav/tasks/main.yml @@ -34,6 +34,15 @@ - name: Ensure that the clamd service is running and enabled service: name=clamd@scan state=started enabled=yes + - name: Wipe some signature files that are broken. + copy: content="" dest={{ clamav_signatures_db_dir }}/{{ item }} force=yes + with_items: '{{ clamav_signatures_dbs_to_wipe }}' + tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures' ] + + - name: Install a cron job that wipes the wrong signature files, just in case they reappear after an update + cron: name="Wipe some clamav signature dbs that are broken" user=root special_time=hourly job="{% for db in clamav_signatures_dbs_to_wipe %}echo '' > {{ clamav_signatures_db_dir }}/{{ db }}{% if not loop.last %}; {% endif %}{% endfor %}" + tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures' ] + when: clamav_install | bool tags: [ 'clamav', 'clamav_clamd', 'clamav_config' ] @@ -50,7 +59,7 @@ with_items: '{{ clamav_additional_signatures_dbs_to_wipe }}' notify: Restart clamd - - name: Install a cron job that wipes the wrong signature files, just in case they reappear after an update + - name: Install a cron job that wipes the wrong unofficial signature files, just in case they reappear after an update cron: name="Wipe some unofficial clamav signature dbs that are broken" user=root special_time=hourly job="{% for db in clamav_additional_signatures_dbs_to_wipe %}echo '' > {{ clamav_additional_signatures_db_dir }}/{{ db }}{% if not loop.last %}; {% endif %}{% endfor %}" when: clamav_unofficial_sigs_install | bool