clamav

Table of Contents

1. Overview
2. Module Description - What the module does and why it is useful
3. Setup - The basics of getting started with clamav
   • What clamav affects
   • Setup requirements
   • Beginning with clamav
4. Usage - Configuration options and additional functionality
5. Reference - An under-the-hood peek at what the module is doing and how
6. Limitations - OS compatibility, etc.
7. Development - Guide for contributing to the module
8. Contributors

Overview

Puppet Module to install/configure clamd and freshclam on Debian and RedHat

Module Description

The clamav module provides some classes to install and configure most of the components of clamav.
You may also choose to manage only the parts that you need.
This module aims to be minimalistic.
No options produces stock config files as provided by your package installer.

This module has the following components that can be managed (or not):

• Base clamav package - command line and libs
• clamav user
• clam daemon
• freshclam daemon/cron (dependent on OS)
• clamav-milter (RHEL7 and derivatives only for now)

Setup

What clamav affects

• clamav/clamd/freshclam package install
• clamav/clamd/freshclam config files
• clamd/freshclam services or daily cron on redhat
• clamav-milter package install, config files, service (optional)
• clam user/group (optional)

Setup Requirements

only need to install the module

Beginning with clamav

Minimal clamav package install for command line use:

include clamav

Usage

Manage the clam and freshclam daemon with stock config

class { 'clamav':
  manage_clamd             => true,
  manage_freshclam         => true,
  clamd_service_ensure     => 'running',
  freshclam_service_ensure => 'stopped',
}

Also manage the clam user and group

class { 'clamav':
  manage_user      => true,
  uid              => 499,
  gid              => 499,
  shell            => '/sbin/nologin',
  manage_clamd     => true,
  manage_freshclam => true,
}

Customize the clamd and freshclam config

class { 'clamav':
  manage_clamd      => true,
  manage_freshclam  => true,
  clamd_options     => {
    'MaxScanSize' => '500M',
    'MaxFileSize' => '150M',
  },
  freshclam_options => {
    'LogTime'         => 'yes',
    'HTTPProxyServer' => 'myproxy.proxy.com',
    'HTTPProxyPort'   => '80',
    'NotifyClamd'     => '/etc/clamd.conf',
    'DatabaseMirror'  => [
      'clam.host1.mydomain.com',
      'clam.host2.mydomain.com',
    ],
  },
}

Add clamav-milter support and customize its config (RHEL7 and derivatives only)

Please note that as of RHEL 7.2 only the TCP socket has been tested successfully

class { 'clamav':
  manage_repo           => false,
  clamd_options         => {
    'TCPSocket' => '3310',
    'TCPAddr'   => '127.0.0.1',
  },

  clamav_milter_options => {
    'AddHeader'  => 'add',
    'OnInfected' => 'Reject',
    'RejectMsg'  => 'Message rejected: Infected by %v',
  },

  manage_clamd          => true,
  manage_freshclam      => true,
  manage_clamav_milter  => true,
  clamd_service_ensure  => 'running',
}

Configure with hiera yaml

include clamav

---
clamav::manage_clamd: true
clamav::manage_freshclam: true

clamav::clamd_options:
  MaxScanSize: 500M
  MaxFileSize: 150M
clamav::freshclam_options:
  LogTime: yes
  HTTPProxyServer: myproxy.proxy.com
  HTTPProxyPort: 80
  NotifyClamd: /etc/clamd.conf
  DatabaseMirror:
  - clam.host1.mydomain.com
  - clam.host2.mydomain.com

Reference

Classes

• clamav
• clamav::user
• clamav::clamd
• clamav::freshclam

Limitations

This module has been built on and tested against Puppet 3.8 and higher.
While I am sure other versions work, I have not tested them.

This module supports modern RedHat and Debian based systems.
No plans to support other versions (unless you add it :)..

Development

Pull Requests welcome