summaryrefslogtreecommitdiff
path: root/puppet/modules/clamav/manifests/daemon.pp
blob: c0a4a45078887348739dfb885a6fd0a64f49bcc4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# deploy clamav daemon
class clamav::daemon {

  $domain_hash           = hiera('domain')
  $domain                = $domain_hash['full_suffix']

  package { [ 'clamav-daemon', 'arj' ]:
    ensure => installed;
  }

  service {
    'clamav-daemon':
      ensure     => running,
      name       => clamav-daemon,
      pattern    => '/usr/sbin/clamd',
      enable     => true,
      hasrestart => true,
      require    => Package['clamav-daemon'];
  }

  file {
    '/var/run/clamav':
      ensure  => directory,
      mode    => '0750',
      owner   => clamav,
      group   => postfix,
      require => [Package['postfix'], Package['clamav-daemon']],
      notify  => Service['clamav-daemon'];

    '/var/lib/clamav':
      mode    => '0755',
      owner   => clamav,
      group   => clamav,
      require => Package['clamav-daemon'],
      notify  => Service['clamav-daemon'];

    '/etc/default/clamav-daemon':
      source  => 'puppet:///modules/clamav/clamav-daemon_default',
      mode    => '0644',
      owner   => root,
      group   => root,
      require => Package['clamav-daemon'],
      notify  => Service['clamav-daemon'];

    # this file contains additional domains that we want the clamav
    # phishing process to look for (our domain)
    '/var/lib/clamav/local.pdb':
      content => template('clamav/local.pdb.erb'),
      mode    => '0644',
      owner   => clamav,
      group   => clamav,
      require => Package['clamav-daemon'],
      notify  => Service['clamav-daemon'];
  }

  file_line {
    'clamav_daemon_tmp':
      path    => '/etc/clamav/clamd.conf',
      line    => 'TemporaryDirectory /var/tmp',
      require => Package['clamav-daemon'],
      notify  => Service['clamav-daemon'];

    'enable_phishscanurls':
      path    => '/etc/clamav/clamd.conf',
      match   => 'PhishingScanURLs no',
      line    => 'PhishingScanURLs yes',
      require => Package['clamav-daemon'],
      notify  => Service['clamav-daemon'];

    'clamav_LogSyslog_true':
      path    => '/etc/clamav/clamd.conf',
      match   => '^LogSyslog false',
      line    => 'LogSyslog true',
      require => Package['clamav-daemon'],
      notify  => Service['clamav-daemon'];

    'clamav_MaxThreads':
      path    => '/etc/clamav/clamd.conf',
      match   => 'MaxThreads 20',
      line    => 'MaxThreads 100',
      require => Package['clamav-daemon'],
      notify  => Service['clamav-daemon'];
  }

  # remove LogFile line
  file_line {
    'clamav_LogFile':
      path    => '/etc/clamav/clamd.conf',
      match   => '^LogFile .*',
      line    => '',
      require => Package['clamav-daemon'],
      notify  => Service['clamav-daemon'];
  }

}