110 lines
4.8 KiB
YAML
110 lines
4.8 KiB
YAML
---
|
|
- name: configure clamav-daemon
|
|
debconf:
|
|
name: clamav-daemon
|
|
question: "{{ item.key }}"
|
|
value: "{{ item.value }}"
|
|
vtype: "{{ item.type }}"
|
|
loop:
|
|
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
|
|
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/FollowDirectorySymlinks', type: 'boolean', value: 'false' }
|
|
- { key: 'clamav-daemon/StreamMaxLength', type: 'string', value: '25' }
|
|
- { key: 'clamav-daemon/ReadTimeout', type: 'string', value: '180' }
|
|
- { key: 'clamav-daemon/StatsEnabled', type: 'boolean', value: 'false' }
|
|
- { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '15' }
|
|
- { key: 'clamav-daemon/LogRotate', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/AllowAllMatchScan', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/ScanOnAccess', type: 'boolean', value: 'false' }
|
|
- { key: 'clamav-daemon/LogFile', type: 'string', value: '/var/log/clamav/clamav.log' }
|
|
- { key: 'clamav-daemon/ScanMail', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/BytecodeTimeout', type: 'string', value: '60000' }
|
|
- { key: 'clamav-daemon/LogTime', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/OnAccessMaxFileSize', type: 'string', value: '5M' }
|
|
- { key: 'clamav-daemon/TcpOrLocal', type: 'select', value: 'UNIX' }
|
|
- { key: 'clamav-daemon/MaxEmbeddedPE', type: 'string', value: '10M' }
|
|
- { key: 'clamav-daemon/FixStaleSocket', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/User', type: 'string', value: 'clamav' }
|
|
- { key: 'clamav-daemon/BytecodeSecurity', type: 'select', value: 'TrustSigned' }
|
|
- { key: 'clamav-daemon/ScanSWF', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/MaxDirectoryRecursion', type: 'string', value: '0' }
|
|
- { key: 'clamav-daemon/MaxThreads', type: 'string', value: '12' }
|
|
- { key: 'clamav-daemon/LocalSocketGroup', type: 'string', value: 'clamav' }
|
|
- { key: 'clamav-daemon/MaxScriptNormalize', type: 'string', value: '5M' }
|
|
- { key: 'clamav-daemon/ForceToDisk', type: 'boolean', value: 'false' }
|
|
- { key: 'clamav-daemon/StatsHostID', type: 'string', value: 'auto' }
|
|
- { key: 'clamav-daemon/FollowFileSymlinks', type: 'boolean', value: 'false' }
|
|
- { key: 'clamav-daemon/TCPSocket', type: 'string', value: '3310' }
|
|
- { key: 'clamav-daemon/TCPAddr', type: 'string', value: 'any' }
|
|
- { key: 'clamav-daemon/DisableCertCheck', type: 'boolean', value: 'false' }
|
|
- { key: 'clamav-daemon/SelfCheck', type: 'string', value: '3600' }
|
|
- { key: 'clamav-daemon/LocalSocket', type: 'string', value: '/var/run/clamav/clamd.ctl' }
|
|
- { key: 'clamav-daemon/LocalSocketMode', type: 'string', value: '666' }
|
|
- { key: 'clamav-daemon/StatsTimeout', type: 'string', value: '10' }
|
|
- { key: 'clamav-daemon/MaxZipTypeRcg', type: 'string', value: '1M' }
|
|
- { key: 'clamav-daemon/MaxHTMLNoTags', type: 'string', value: '2M' }
|
|
- { key: 'clamav-daemon/LogSyslog', type: 'boolean', value: 'false' }
|
|
- { key: 'clamav-daemon/AddGroups', type: 'string', value: '' }
|
|
- { key: 'clamav-daemon/Bytecode', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-daemon/ScanArchive', type: 'boolean', value: 'true' }
|
|
tags:
|
|
- clamav
|
|
|
|
- name: configure clamav-freshclam
|
|
debconf:
|
|
name: clamav-freshclam
|
|
question: "{{ item.key }}"
|
|
value: "{{ item.value }}"
|
|
vtype: "{{ item.type }}"
|
|
loop:
|
|
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
|
|
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
|
|
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-freshclam/local_mirror', type: 'select', value: 'db.fr.clamav.net' }
|
|
- { key: 'clamav-freshclam/http_proxy', type: 'string', value: '' }
|
|
- { key: 'clamav-freshclam/LogRotate', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-freshclam/Bytecode', type: 'boolean', value: 'true' }
|
|
- { key: 'clamav-freshclam/update_interval', type: 'string', value: '24' }
|
|
- { key: 'clamav-freshclam/SafeBrowsing', type: 'boolean', value: 'false' }
|
|
- { key: 'clamav-freshclam/PrivateMirror', type: 'string', value: '' }
|
|
- { key: 'clamav-freshclam/internet_interface', type: 'string', value: '' }
|
|
tags:
|
|
- clamav
|
|
|
|
- name: install ClamAV
|
|
apt:
|
|
name:
|
|
- clamav-daemon
|
|
- clamav
|
|
- clamdscan
|
|
- clamav-freshclam
|
|
- arc
|
|
- arj
|
|
- pax
|
|
- bzip2
|
|
- cabextract
|
|
- rpm
|
|
- lzop
|
|
- razor
|
|
state: present
|
|
tags:
|
|
- clamav
|
|
|
|
- name: add clamav user to amavis group
|
|
user:
|
|
name: clamav
|
|
groups: amavis
|
|
append: True
|
|
tags:
|
|
- clamav
|
|
|
|
- name: allow supplementary groups
|
|
replace:
|
|
dest: /etc/clamav/clamd.conf
|
|
regexp: 'AllowSupplementaryGroups false'
|
|
replace: 'AllowSupplementaryGroups true'
|
|
notify: restart clamav
|
|
tags:
|
|
- clamav
|