cisagov/ansible-role-clamav

Latest commit: ea66f9d · Nov 17, 2023

ansible-role-clamav 🦪

Installs ClamAV and a related cron job. This allows servers to be quickly queried en masse for any matched signatures. The ClamAV-Report tool can be used to gather scan data from systems using this role.

Requirements

None.

Role Variables

| Variable | Description | Default | Required |
|----------|-------------|---------|----------|
| clamav_clamd_configuration | A dictionary of values to set in the clamd configuration file. | {} | No |
| clamav_configuration_backup | Whether or not to backup configuration files before changing. | false | No |
| clamav_cron_frequency | The frequency of ClamAV scanning. Must be one of: hourly, daily, weekly, or monthly. | weekly | No |
| clamav_freshclam_configuration | A dictionary of values to set in the freshclam configuration file. | {} | No |
| clamav_scan_copy | Whether to copy infected files to quarantine folder. | false | No |
| clamav_scan_exclude_directories | A list of regexes matching directory trees that are to be excluded from scan operations. | [^/dev, ^/proc, ^/sys, ^/var/spool/clamav] | No |
| clamav_scan_extra_flags | Additional flags to pass to clamscan (see clamscan man page for reference). | [] | No |
| clamav_scan_move | Whether to move infected files to a quarantine directory. | false | No |
| clamav_scan_quarantine_directory | Directory to store infected files. | /var/spool/clamav | No |
| clamav_scan_quarantine_group | Group owner to apply to quarantine directory. | root | No |
| clamav_scan_quarantine_mode | Permissions to apply to quarantine directory. | 0750 | No |
| clamav_scan_quarantine_owner | Owner to apply to quarantine directory. | root | No |
| clamav_seboolean_name | The name of the SELinux boolean used to configure whether or not ClamAV is allowed to scan files. Note that this variable is only used when SELinux is enabled. | antivirus_can_scan_system | No |
| clamav_seboolean_state | The value to use for the SELinux boolean that configures whether or not ClamAV is allowed to scan files. Note that this variable is only used when SELinux is enabled. | true | No |

Example

clamav_freshclam_configuration:
  DatabaseMirror: ['db.local.clamav.net', 'database.clamav.net']
  Bytecode: 'true'
  PrivateMirror:

would change:

  ...
  DatabaseMirror foo.bar.com
  DatabaseMirror bar.baz.com
  PrivateMirror private.mirror.local
  Bytecode false
  ...

to:

  ...
  DatabaseMirror db.local.clamav.net
  DatabaseMirror database.clamav.net
  Bytecode true
  ...

Dependencies

None.

Example Playbook

Here's how to use it in a playbook:

- hosts: all
  become: yes
  become_method: sudo
  tasks:
    - name: Install ClamAV and a cron job to run automated AV scans
      ansible.builtin.include_role:
        name: clamav

Cron job output

The log of the last scan is accessible at: /var/log/clamav/lastscan.log

If a detection occurs, the file /var/log/clamav/last_detection will be touched. Its modification time represents the time of the last detection.
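
A host-side check built on the two files described above, as an added example that is not part of this role or of ClamAV-Report. The function names are hypothetical, and it assumes lastscan.log holds standard clamscan output, where each hit is reported as "path: Signature FOUND".

```shell
#!/bin/sh
# Added example (not shipped with the role): report recent ClamAV detections.
# Default paths are the ones documented in this README.
LAST_DETECTION="${LAST_DETECTION:-/var/log/clamav/last_detection}"
LAST_SCAN_LOG="${LAST_SCAN_LOG:-/var/log/clamav/lastscan.log}"

# Print a file's mtime in epoch seconds (GNU stat first, BSD stat as fallback).
file_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# detection_within MARKER MAX_AGE_SECONDS
# Succeeds only if the marker exists and was touched within the window.
# A missing marker means no detection has ever been recorded on this host.
detection_within() {
    marker=$1
    max_age=$2
    [ -e "$marker" ] || return 1
    mtime=$(file_mtime "$marker") || return 1
    now=$(date +%s)
    [ $((now - mtime)) -le "$max_age" ]
}

# list_detections LOG
# Print "path<TAB>signature" for every "path: Signature FOUND" line.
# The greedy first group keeps paths that themselves contain ": " intact.
list_detections() {
    [ -r "$1" ] || return 0
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${tab}\2/p" "$1"
}

# check_host [MAX_AGE_SECONDS]
# Exit status 2 plus the hit list if a detection falls inside the window
# (default 7 days, matching the role's default weekly scan); 0 otherwise.
check_host() {
    if detection_within "$LAST_DETECTION" "${1:-604800}"; then
        echo "DETECTION on $(hostname)"
        list_detections "$LAST_SCAN_LOG"
        return 2
    fi
    echo "no detection in window on $(hostname)"
}
# Usage: source this file, then run: check_host 604800
```

Because lastscan.log only covers the most recent scan, the marker's modification time can be older than the log; in that case check_host prints the alert line with an empty hit list.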

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

Author Information

Mark Feldhousen, Jr. - mark.feldhousen@gwe.cisa.dhs.gov