2 files changed, 37 insertions, 8 deletions

diff --git a/puppet/modules/clamav/manifests/daemon.pp b/puppet/modules/clamav/manifests/daemon.pp
index 2e13a8fb..322cb892 100644
--- a/puppet/modules/clamav/manifests/daemon.pp
+++ b/puppet/modules/clamav/manifests/daemon.pp
@@ -1,5 +1,6 @@
 # deploy clamav daemon
 class clamav::daemon {
+  include clamav::daemon::activation
 
   $domain_hash           = hiera('domain')
   $domain                = $domain_hash['full_suffix']
@@ -15,7 +16,6 @@ class clamav::daemon {
       pattern    => '/usr/sbin/clamd',
       enable     => true,
       hasrestart => true,
-      subscribe  => File['/etc/default/clamav-daemon'],
       require    => Package['clamav-daemon'];
   }
 
@@ -25,19 +25,23 @@ class clamav::daemon {
       mode    => '0750',
       owner   => clamav,
       group   => postfix,
-      require => [Package['postfix'], Package['clamav-daemon']];
+      require => [Package['postfix'], Package['clamav-daemon']],
+      notify  => Service['clamav-daemon'];
 
     '/var/lib/clamav':
       mode    => '0755',
       owner   => clamav,
       group   => clamav,
-      require => Package['clamav-daemon'];
+      require => Package['clamav-daemon'],
+      notify  => Service['clamav-daemon'];
 
     '/etc/default/clamav-daemon':
-      source => 'puppet:///modules/clamav/clamav-daemon_default',
-      mode   => '0644',
-      owner  => root,
-      group  => root;
+      source  => 'puppet:///modules/clamav/clamav-daemon_default',
+      mode    => '0644',
+      owner   => root,
+      group   => root,
+      require => Package['clamav-daemon'],
+      notify  => Service['clamav-daemon'];
 
     # this file contains additional domains that we want the clamav
     # phishing process to look for (our domain)
@@ -46,7 +50,8 @@ class clamav::daemon {
       mode    => '0644',
       owner   => clamav,
       group   => clamav,
-      require => Package['clamav-daemon'];
+      require => Package['clamav-daemon'],
+      notify  => Service['clamav-daemon'];
   }
 
   file_line {
diff --git a/puppet/modules/clamav/manifests/daemon/activation.pp b/puppet/modules/clamav/manifests/daemon/activation.pp
new file mode 100644
index 00000000..09c1e55e
--- /dev/null
+++ b/puppet/modules/clamav/manifests/daemon/activation.pp
@@ -0,0 +1,24 @@
+# ensure clamav starts after the definitions are downloaded
+# needed because sometimes clamd cannot get started by freshclam,
+# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827909
+class clamav::daemon::activation {
+
+  file { '/etc/systemd/system/clamav-daemon.path':
+    source => 'puppet:///modules/clamav/clamav-daemon.path',
+    mode   => '0644',
+    owner  => root,
+    group  => root,
+    notify => [ Exec['systemctl-daemon-reload'], Systemd::Enable['clamav-daemon.path'] ]
+  }
+
+  systemd::enable { 'clamav-daemon.path':
+    require => Exec['systemctl-daemon-reload'],
+    notify  => Exec['start_clamd_path_monitor']
+  }
+
+  exec { 'start_clamd_path_monitor':
+      command     => '/bin/systemctl start clamav-daemon.path',
+      refreshonly => true,
+      before      => Service['freshclam']
+  }
+}