diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-07-09 19:57:56 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-07-09 20:20:31 +0200 |
| commit | cbe1123ede86042ab0d62bc4f972f026301d5016 (patch) | |
| tree | b3f144b8c6f498e842c31863a28c405423cc96e8 /roles | |
| parent | d237ec31f785c801b29d679f10f8f2d618ff1585 (diff) | |
ClamAV (FreshClam): use a localized Database Mirror.
As db.local.clamav.net is not always properly localized. Furthermore,
our previous Ansiblee script did not ensure ordering of the
DatabaseMirror lines.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/common/tasks/clamav.yml | 11 | ||||
| -rw-r--r-- | roles/common/templates/etc/clamav/freshclam.conf.j2 | 32 |
2 files changed, 37 insertions, 6 deletions
diff --git a/roles/common/tasks/clamav.yml b/roles/common/tasks/clamav.yml index e1ece0d..de11ee6 100644 --- a/roles/common/tasks/clamav.yml +++ b/roles/common/tasks/clamav.yml @@ -6,12 +6,11 @@ - clamav-freshclam - name: Configure FreshClam - lineinfile: "dest=/etc/clamav/freshclam.conf - line='DatabaseMirror {{ item }}'" - with_items: - - db.local.clamav.net - - database.clamav.net - - db.other.clamav.net + template: src=etc/clamav/freshclam.conf.j2 + dest=/etc/clamav/freshclam.conf + owner=root group=root + mode=0644 + tags: freshclam notify: - Restart freshclam diff --git a/roles/common/templates/etc/clamav/freshclam.conf.j2 b/roles/common/templates/etc/clamav/freshclam.conf.j2 new file mode 100644 index 0000000..06cebd1 --- /dev/null +++ b/roles/common/templates/etc/clamav/freshclam.conf.j2 @@ -0,0 +1,32 @@ +# Automatically created by the clamav-freshclam postinst +# Comments will get lost when you reconfigure the clamav-freshclam package + +DatabaseOwner clamav +UpdateLogFile /var/log/clamav/freshclam.log +LogVerbose false +LogSyslog false +LogFacility LOG_LOCAL6 +LogFileMaxSize 0 +LogRotate true +LogTime true +Foreground false +Debug false +MaxAttempts 5 +DatabaseDirectory /var/lib/clamav +DNSDatabaseInfo current.cvd.clamav.net +ConnectTimeout 30 +ReceiveTimeout 30 +TestDatabases yes +ScriptedUpdates yes +CompressLocalDatabase no +SafeBrowsing false +Bytecode true +NotifyClamd /etc/clamav/clamd.conf +# Check for new database 24 times a day +Checks 24 +DatabaseMirror db.{{ geoip | default('local') }}.clamav.net +{% if geoip is defined and ansible_default_ipv6 %} +DatabaseMirror db.{{ geoip }}.ipv6.clamav.net +{% endif %} +DatabaseMirror database.clamav.net +DatabaseMirror db.other.clamav.net |