add clamav filtering, with sanesecurity signature updating and provider whitelisting (#3625)

Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616

1 files changed, 48 insertions, 0 deletions

diff --git a/puppet/modules/clamav/manifests/milter.pp b/puppet/modules/clamav/manifests/milter.pp
new file mode 100644
index 00000000..52ddaef1
--- /dev/null
+++ b/puppet/modules/clamav/manifests/milter.pp
@@ -0,0 +1,48 @@
+class clamav::milter {
+
+  $clamav                = hiera('clamav')
+  $whitelisted_addresses = $clamav['whitelisted_addresses']
+  $domain_hash           = hiera('domain')
+  $domain                = $domain_hash['full_suffix']
+
+  package { 'clamav-milter': ensure => installed }
+
+  service {
+    'clamav-milter':
+      ensure     => running,
+      enable     => true,
+      name       => clamav-milter,
+      pattern    => '/usr/sbin/clamav-milter',
+      hasrestart => true,
+      subscribe  => File['/etc/default/clamav-milter'];
+  }
+
+  file {
+    '/run/clamav/milter.ctl':
+      mode    => '0666',
+      owner   => clamav,
+      group   => postfix,
+      require => Class['clamav::daemon'];
+
+    '/etc/clamav/clamav-milter.conf':
+      content   => template('clamav/clamav-milter.conf.erb'),
+      mode      => '0644',
+      owner     => root,
+      group     => root,
+      subscribe => Service['clamav-milter'];
+
+    '/etc/default/clamav-milter':
+      source => 'puppet:///modules/clamav/clamav-milter_default',
+      mode   => '0644',
+      owner  => root,
+      group  => root;
+
+    '/etc/clamav/whitelisted_addresses':
+      content => template('clamav/whitelisted_addresses.erb'),
+      mode    => '0644',
+      owner   => root,
+      group   => root;
+
+  }
+
+}