Merge pull request 'Fixes #577. Disattivato il db clamav con le firme di scamnailer.' (#203) from adellam/ansible-roles:master into master

This commit is contained in:
Andrea Dell'Amico 2020-05-20 02:37:58 +02:00
commit d690559009
2 changed files with 14 additions and 1 deletions

View File

@ -21,6 +21,10 @@ clamav_unofficial_sigs_rh_pkgs:
- clamav-unofficial-sigs - clamav-unofficial-sigs
- perl - perl
clamav_signatures_db_dir: '/var/lib/clamav'
clamav_signatures_dbs_to_wipe:
- 'scamnailer.ndb'
clamav_clamd_user: clamscan clamav_clamd_user: clamscan
clamav_clamd_conf_file: '/etc/clamd.d/scan.conf' clamav_clamd_conf_file: '/etc/clamd.d/scan.conf'
clamav_clamd_verbose_logging: 'yes' clamav_clamd_verbose_logging: 'yes'

View File

@ -34,6 +34,15 @@
- name: Ensure that the clamd service is running and enabled - name: Ensure that the clamd service is running and enabled
service: name=clamd@scan state=started enabled=yes service: name=clamd@scan state=started enabled=yes
- name: Wipe some signature files that are broken.
copy: content="" dest={{ clamav_signatures_db_dir }}/{{ item }} force=yes
with_items: '{{ clamav_signatures_dbs_to_wipe }}'
tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures' ]
- name: Install a cron job that wipes the wrong signature files, just in case they reappear after an update
cron: name="Wipe some clamav signature dbs that are broken" user=root special_time=hourly job="{% for db in clamav_signatures_dbs_to_wipe %}echo '' > {{ clamav_signatures_db_dir }}/{{ db }}{% if not loop.last %}; {% endif %}{% endfor %}"
tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures' ]
when: clamav_install | bool when: clamav_install | bool
tags: [ 'clamav', 'clamav_clamd', 'clamav_config' ] tags: [ 'clamav', 'clamav_clamd', 'clamav_config' ]
@ -50,7 +59,7 @@
with_items: '{{ clamav_additional_signatures_dbs_to_wipe }}' with_items: '{{ clamav_additional_signatures_dbs_to_wipe }}'
notify: Restart clamd notify: Restart clamd
- name: Install a cron job that wipes the wrong signature files, just in case they reappear after an update - name: Install a cron job that wipes the wrong unofficial signature files, just in case they reappear after an update
cron: name="Wipe some unofficial clamav signature dbs that are broken" user=root special_time=hourly job="{% for db in clamav_additional_signatures_dbs_to_wipe %}echo '' > {{ clamav_additional_signatures_db_dir }}/{{ db }}{% if not loop.last %}; {% endif %}{% endfor %}" cron: name="Wipe some unofficial clamav signature dbs that are broken" user=root special_time=hourly job="{% for db in clamav_additional_signatures_dbs_to_wipe %}echo '' > {{ clamav_additional_signatures_db_dir }}/{{ db }}{% if not loop.last %}; {% endif %}{% endfor %}"
when: clamav_unofficial_sigs_install | bool when: clamav_unofficial_sigs_install | bool