diff options
| -rw-r--r-- | production | 13 | ||||
| -rw-r--r-- | roles/common/tasks/clamav.yml | 11 | ||||
| -rw-r--r-- | roles/common/templates/etc/clamav/freshclam.conf.j2 | 32 |
3 files changed, 44 insertions, 12 deletions
@@ -1,20 +1,21 @@ [mistral] -mistral.fripost.org +mistral.fripost.org geoip=se [elefant] -elefant.fripost.org mxno=1 +elefant.fripost.org geoip=se mxno=1 [giraff] -giraff.fripost.org +giraff.fripost.org geoip=se [antilop] -antilop.fripost.org +antilop.fripost.org geoip=se [civett] -civett.friprogramvarusyndikatet.se mxno=2 +civett.friprogramvarusyndikatet.se geoip=se mxno=2 [benjamin] -benjamin.skangas.se +benjamin.skangas.se geoip=se + # ldap.fripost.org [LDAP-provider:children] diff --git a/roles/common/tasks/clamav.yml b/roles/common/tasks/clamav.yml index e1ece0d..de11ee6 100644 --- a/roles/common/tasks/clamav.yml +++ b/roles/common/tasks/clamav.yml @@ -6,12 +6,11 @@ - clamav-freshclam - name: Configure FreshClam - lineinfile: "dest=/etc/clamav/freshclam.conf - line='DatabaseMirror {{ item }}'" - with_items: - - db.local.clamav.net - - database.clamav.net - - db.other.clamav.net + template: src=etc/clamav/freshclam.conf.j2 + dest=/etc/clamav/freshclam.conf + owner=root group=root + mode=0644 + tags: freshclam notify: - Restart freshclam diff --git a/roles/common/templates/etc/clamav/freshclam.conf.j2 b/roles/common/templates/etc/clamav/freshclam.conf.j2 new file mode 100644 index 0000000..06cebd1 --- /dev/null +++ b/roles/common/templates/etc/clamav/freshclam.conf.j2 @@ -0,0 +1,32 @@ +# Automatically created by the clamav-freshclam postinst +# Comments will get lost when you reconfigure the clamav-freshclam package + +DatabaseOwner clamav +UpdateLogFile /var/log/clamav/freshclam.log +LogVerbose false +LogSyslog false +LogFacility LOG_LOCAL6 +LogFileMaxSize 0 +LogRotate true +LogTime true +Foreground false +Debug false +MaxAttempts 5 +DatabaseDirectory /var/lib/clamav +DNSDatabaseInfo current.cvd.clamav.net +ConnectTimeout 30 +ReceiveTimeout 30 +TestDatabases yes +ScriptedUpdates yes +CompressLocalDatabase no +SafeBrowsing false +Bytecode true +NotifyClamd /etc/clamav/clamd.conf +# Check for new database 24 times a day +Checks 24 +DatabaseMirror db.{{ geoip | default('local') }}.clamav.net +{% if geoip is defined and ansible_default_ipv6 %} +DatabaseMirror db.{{ geoip }}.ipv6.clamav.net +{% endif %} +DatabaseMirror database.clamav.net +DatabaseMirror db.other.clamav.net |