Coder Social home page Coder Social logo

ansible-role-clamav's Introduction

clamav

Build Status

Install clamav package.

Requirements

This role requires Ansible 2.2 or higher, and platform requirements are listed in the metadata file.

Testing

This role use Molecule to run tests.

Local and Travis tests run tests on Docker by default. See molecule documentation to use other backend.

Currently, tests are done on:

  • Debian Jessie
  • Ubuntu Trusty
  • Ubuntu Xenial

and use:

  • Ansible 2.2.x
  • Ansible 2.3.x
  • Ansible 2.4.x

Running tests

Using Docker driver

$ tox

Role Variables

Default role variables

# Packages management
clamav_packages: "{{ _clamav_packages }}"
clamav_system_dependencies: "{{ _clamav_system_dependencies }}"

# General settings
clamav_log_folder: '/var/log/clamav'
clamav_config_folder: '/etc/clamav'
clamav_config_owner: 'clamav'
clamav_config_group: 'clamav'
clamav_config_mode: '0644'

clamav_clamd_binary: '/usr/bin/clamd'
clamav_freshclam_binary: '/usr/bin/freshclam'
clamav_clamd_service_name: 'clamav-daemon'
clamav_freshclam_service_name: 'clamav-freshclam'
clamav_scan_binary: '/usr/bin/clamscan'
clamav_freshclam_log_file_path: '/var/log/clamav/freshclam.log'

# Settings used to check freshlog locking
clamav_freshlog_lock_retries: 5
clamav_freshlog_lock_delay: 5

# Virus database update cron job
clamav_cron_update_create_task: True
clamav_cron_update_minute: 0
clamav_cron_update_hour: 2
clamav_cron_update_weekday: '*'
clamav_cron_update_day: '*'
clamav_cron_update_month: '*'

# Scan cron job
clamav_cron_scan_create_task: True
clamav_cron_scan_minute: 30
clamav_cron_scan_hour: 2
clamav_cron_scan_weekday: '*'
clamav_cron_scan_day: '*'
clamav_cron_scan_month: '*'
clamav_cron_scan_dest:
  - '/data'
  - '/tmp'
clamav_cron_scan_exclude_dirs: "{{ clamav_clamd_exclude_paths }}"

# Logrotate configuration
clamav_logrotate_config:
  - filename: '/etc/logrotate.d/clamav-daemon'
    log_pattern: '/var/log/clamav/clamav.log'
    options:
      - 'rotate 12'
      - 'weekly'
      - 'compress'
      - 'delaycompress'
      - 'create 640 clamav adm'
      - 'postrotate'
      - '/etc/init.d/clamav-daemon reload-log > /dev/null'
      - 'endscript'
  - filename: '/etc/logrotate.d/clamav-freshclam'
    log_pattern: '/var/log/clamav/freshclam.log'
    options:
      - 'rotate 12'
      - 'weekly'
      - 'compress'
      - 'delaycompress'
      - 'missingok'
      - 'create 640 clamav adm'
      - 'postrotate'
      - '/etc/init.d/clamav-freshclam reload-log > /dev/null'
      - 'endscript'
  - filename: '/etc/logrotate.d/clamav-cron-jobs'
    log_pattern: '/var/log/clamav/cron*.log'
    options:
      - 'rotate 7'
      - 'daily'
      - 'compress'
      - 'delaycompress'
      - 'missingok'
      - 'create 640 clamav adm'

# Clamd config file variables
# Note: if clamav_clamd_socket_type is 'local', then the variables
#   clamav_clamd_local_socket
#   clamav_clamd_fix_stale_socket
#   clamav_clamd_local_socket_group
#   clamav_clamd_local_socket_mode
# will be included in the clamd config. Otherwise,
#   clamav_clamd_tcp_socket
# will be included.
clamav_clamd_socket_type: 'local'
clamav_clamd_local_socket: '/var/run/clamav/clamd.ctl'
clamav_clamd_fix_stale_socket: 'true'
clamav_clamd_local_socket_group: 'clamav'
clamav_clamd_local_socket_mode: 666
clamav_clamd_tcp_socket: 3310
clamav_clamd_user: 'clamav'
clamav_clamd_allow_supplementary_groups: 'true'
clamav_clamd_scan_mail: 'true'
clamav_clamd_scan_archive: 'true'
clamav_clamd_archive_block_encrypted: 'false'
clamav_clamd_max_directory_recursion: 15
clamav_clamd_follow_directory_symlinks: 'false'
clamav_clamd_follow_file_symlinks: 'false'
clamav_clamd_read_timeout: 180
clamav_clamd_max_threads: 12
clamav_clamd_max_connection_queue_length: 15
clamav_clamd_log_syslog: 'false'
clamav_clamd_log_rotate: 'true'
clamav_clamd_log_facility: 'LOG_LOCAL6'
clamav_clamd_log_clean: 'false'
clamav_clamd_log_verbose: 'false'
clamav_clamd_pid_file: '/var/run/clamav/clamd.pid'
clamav_clamd_database_directory: '/var/lib/clamav'
clamav_clamd_self_check: 3600
clamav_clamd_foreground: 'false'
clamav_clamd_debug: 'false'
clamav_clamd_scan_pe: 'true'
clamav_clamd_max_embedded_pe: '10M'
clamav_clamd_scan_ole2: 'true'
clamav_clamd_scan_pdf: 'true'
clamav_clamd_scan_html: 'true'
clamav_clamd_max_html_normalize: '10M'
clamav_clamd_max_html_no_tags: '2M'
clamav_clamd_max_script_normalize: '5M'
clamav_clamd_max_zip_type_rcg: '1M'
clamav_clamd_scan_swf: 'true'
clamav_clamd_detect_broken_executables: 'false'
clamav_clamd_exit_on_oom: 'false'
clamav_clamd_leave_temporary_files: 'false'
clamav_clamd_algorithmic_detection: 'true'
clamav_clamd_scan_elf: 'true'
clamav_clamd_idle_timeout: 30
clamav_clamd_exclude_paths: []
clamav_clamd_phishing_signatures: 'true'
clamav_clamd_phishing_scan_urls: 'true'
clamav_clamd_phishing_always_block_ssl_mismatch: 'false'
clamav_clamd_phishing_always_block_cloak: 'false'
clamav_clamd_partition_intersection: 'false'
clamav_clamd_detect_pua: 'false'
clamav_clamd_scan_partial_messages: 'false'
clamav_clamd_heuristic_scan_precedence: 'false'
clamav_clamd_structured_data_detection: 'false'
clamav_clamd_command_read_timeout: 5
clamav_clamd_send_buf_timeout: 200
clamav_clamd_max_queue: 100
clamav_clamd_extended_detection_info: 'true'
clamav_clamd_ole2_block_macros: 'false'
clamav_clamd_scan_on_access: 'false'
clamav_clamd_allow_all_match_scan: 'true'
clamav_clamd_force_to_disk: 'false'
clamav_clamd_disable_cert_check: 'false'
clamav_clamd_disable_cache: 'false'
clamav_clamd_max_scan_size: '100M'
clamav_clamd_max_file_size: '25M'
clamav_clamd_max_recursion: 10
clamav_clamd_max_files: 10000
clamav_clamd_max_partitions: 50
clamav_clamd_max_icons_pe: 100
clamav_clamd_stats_enabled: 'false'
clamav_clamd_stats_pe_disabled: 'true'
clamav_clamd_stats_host_id: 'auto'
clamav_clamd_stats_timeout: 10
clamav_clamd_stream_max_length: '25M'
clamav_clamd_log_file: "{{ clamav_log_folder }}/clamav.log"
clamav_clamd_log_time: 'true'
clamav_clamd_log_file_unlock: 'false'
clamav_clamd_log_file_max_size: 0
clamav_clamd_bytecode: 'true'
clamav_clamd_bytecode_security: 'TrustSigned'
clamav_clamd_bytecode_timeout: 60000
clamav_clamd_official_database_only: 'false'
clamav_clamd_cross_filesystems: 'true'

# Fresclam config file variables
clamav_freshclam_database_owner: 'clamav'
clamav_freshclam_update_log_file: "{{ clamav_log_folder }}/freshclam.log"
clamav_freshclam_log_verbose: 'false'
clamav_freshclam_log_syslog: 'false'
clamav_freshclam_log_facility: 'LOG_LOCAL6'
clamav_freshclam_log_file_max_size: 0
clamav_freshclam_log_rotate: 'true'
clamav_freshclam_log_time: 'true'
clamav_freshclam_foreground: 'false'
clamav_freshclam_debug: 'false'
clamav_freshclam_max_attempts: 5
clamav_freshclam_database_directory: '/var/lib/clamav'
clamav_freshclam_dns_database_info: 'current.cvd.clamav.net'
clamav_freshclam_allow_supplementary_groups: 'false'
clamav_freshclam_pid_file: '/var/run/clamav/freshclam.pid'
clamav_freshclam_connect_timeout: 30
clamav_freshclam_receive_timeout: 30
clamav_freshclam_test_databases: 'yes'
clamav_freshclam_scripted_updates: 'yes'
clamav_freshclam_compress_local_database: 'no'
clamav_freshclam_bytecode: 'true'
clamav_freshclam_checks: 24
clamav_freshclam_database_mirror:
  - 'database.clamav.net'
  - 'db.local.clamav.net'

Dependencies

None

Example Playbook

- hosts: servers
  roles:
    - { role: Temelio.clamav }

License

MIT

Author Information

Alexandre Chaussier (for Temelio company)

ansible-role-clamav's People

Contributors

achaussier avatar bhudgeons avatar pyup-bot avatar wangsha avatar

Watchers

avatar

Forkers

bhudgeons wangsha infopen-forks isabella232

ansible-role-clamav's Issues

Tests fail from insufficient memory

test with vagrant fails:


  1) clamav Ansible role Process "clamd" should be running
     On host `127.0.0.1'
     Failure/Error: it { should be_running }
       expected Process "clamd" to be running
       sudo -p 'Password: ' /bin/sh -c ps\ -C\ clamd\ -o\ pid\=\ \|\ head\ -1

cause:

Mon Jun 12 20:56:08 2017 -> +++ Started at Mon Jun 12 20:56:08 2017
Mon Jun 12 20:56:08 2017 -> Received 0 file descriptor(s) from systemd.
Mon Jun 12 20:56:08 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Jun 12 20:56:08 2017 -> Log file size limited to 4294967295 bytes.
Mon Jun 12 20:56:08 2017 -> Reading databases from /var/lib/clamav
Mon Jun 12 20:56:08 2017 -> Not loading PUA signatures.
Mon Jun 12 20:56:08 2017 -> Bytecode: Security mode set to "TrustSigned".
Mon Jun 12 20:56:17 2017 -> Loaded 6297527 signatures.
Mon Jun 12 20:56:18 2017 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Jun 12 20:56:18 2017 -> LOCAL: Setting connection queue length to 15
Mon Jun 12 20:56:18 2017 -> ERROR: daemonize() failed: Cannot allocate memory
Mon Jun 12 20:56:18 2017 -> Socket file removed.

Initial Update

Hi ๐Ÿ‘Š

This is my first visit to this fine repo, but it seems you have been working hard to keep all dependencies updated so far.

Once you have closed this issue, I'll create separate pull requests for every update as soon as I find one.

That's it for now!

Happy merging! ๐Ÿค–

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.