From cbe1123ede86042ab0d62bc4f972f026301d5016 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 9 Jul 2016 19:57:56 +0200
Subject: ClamAV (FreshClam): use a localized Database Mirror.

As db.local.clamav.net is not always properly localized.  Furthermore,
our previous Ansiblee script did not ensure ordering of the
DatabaseMirror lines.
---
 roles/common/tasks/clamav.yml                      | 11 ++++----
 .../common/templates/etc/clamav/freshclam.conf.j2  | 32 ++++++++++++++++++++++
 2 files changed, 37 insertions(+), 6 deletions(-)
 create mode 100644 roles/common/templates/etc/clamav/freshclam.conf.j2

(limited to 'roles')

diff --git a/roles/common/tasks/clamav.yml b/roles/common/tasks/clamav.yml
index e1ece0d..de11ee6 100644
--- a/roles/common/tasks/clamav.yml
+++ b/roles/common/tasks/clamav.yml
@@ -6,12 +6,11 @@
     - clamav-freshclam
 
 - name: Configure FreshClam
-  lineinfile: "dest=/etc/clamav/freshclam.conf
-              line='DatabaseMirror {{ item }}'"
-  with_items:
-    - db.local.clamav.net
-    - database.clamav.net
-    - db.other.clamav.net
+  template: src=etc/clamav/freshclam.conf.j2
+            dest=/etc/clamav/freshclam.conf
+            owner=root group=root
+            mode=0644
+  tags: freshclam
   notify:
     - Restart freshclam
 
diff --git a/roles/common/templates/etc/clamav/freshclam.conf.j2 b/roles/common/templates/etc/clamav/freshclam.conf.j2
new file mode 100644
index 0000000..06cebd1
--- /dev/null
+++ b/roles/common/templates/etc/clamav/freshclam.conf.j2
@@ -0,0 +1,32 @@
+# Automatically created by the clamav-freshclam postinst
+# Comments will get lost when you reconfigure the clamav-freshclam package
+
+DatabaseOwner clamav
+UpdateLogFile /var/log/clamav/freshclam.log
+LogVerbose false
+LogSyslog false
+LogFacility LOG_LOCAL6
+LogFileMaxSize 0
+LogRotate true
+LogTime true
+Foreground false
+Debug false
+MaxAttempts 5
+DatabaseDirectory /var/lib/clamav
+DNSDatabaseInfo current.cvd.clamav.net
+ConnectTimeout 30
+ReceiveTimeout 30
+TestDatabases yes
+ScriptedUpdates yes
+CompressLocalDatabase no
+SafeBrowsing false
+Bytecode true
+NotifyClamd /etc/clamav/clamd.conf
+# Check for new database 24 times a day
+Checks 24
+DatabaseMirror db.{{ geoip | default('local') }}.clamav.net
+{% if geoip is defined and ansible_default_ipv6 %}
+DatabaseMirror db.{{ geoip }}.ipv6.clamav.net
+{% endif %}
+DatabaseMirror database.clamav.net
+DatabaseMirror db.other.clamav.net
-- 
cgit v1.2.3