geerlingguy / ansible-role-clamav

Ansible Role - ClamAV.
https://galaxy.ansible.com/geerlingguy/clamav/
MIT License

Overriding umask #16

Closed pfuntner closed 3 years ago

pfuntner commented 3 years ago

I observed that if you ran the role on a "hardened" system that specified umask 077 in /etc/profile, the clamd scanner service might fail. journalctl -xe shows:

-- Unit clamd@scan.service has begun starting up.
Jan 21 13:02:04 ip-172-31-62-254.ec2.internal clamd[1763]: Received 0 file descriptor(s) from systemd.
Jan 21 13:02:04 ip-172-31-62-254.ec2.internal clamd[1762]: LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/daily.cvd
Jan 21 13:02:04 ip-172-31-62-254.ec2.internal clamd[1762]: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/daily.cvd
Jan 21 13:02:04 ip-172-31-62-254.ec2.internal clamd[1762]: LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav
Jan 21 13:02:04 ip-172-31-62-254.ec2.internal clamd[1762]: ERROR: Can't open file or directory

At the time of the error, the /var/lib/clamav files are:

-rw-------. 1 clamupdate clamupdate    296388 Jan 20 20:02 bytecode.cvd
-rw-------. 1 clamupdate clamupdate 110819851 Jan 20 20:01 daily.cvd
-rw-------. 1 clamupdate clamupdate 117859675 Jan 20 20:02 main.cvd

I made changes to the role to override the umask to make the files readable elsewhere and allow the service to start.
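The failure above comes from freshclam inheriting the restrictive umask and writing the database files 0600 owned by clamupdate, so a clamd running as a different user cannot open them. The following is an added example, not code from the role or this PR: it reproduces the effect of the two umasks on a freshly written file and provides a check a hardening playbook could run against the database directory (`stat -c` from GNU coreutils is assumed; the directory layout is constructed, not the real /var/lib/clamav).

```shell
#!/bin/sh
# Added example (not part of geerlingguy.clamav or this PR).
set -eu

# Create a file under a given umask, as freshclam would under the umask
# inherited from /etc/profile. Usage: write_with_umask <umask> <path>
write_with_umask() {
    ( umask "$1" && : > "$2" )
}

# Return 0 if every *.cvd in the directory is world-readable (the
# clamd user can open it), 1 if any is not; offending files are printed.
check_db_readable() {
    dir=$1
    rc=0
    for f in "$dir"/*.cvd; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")          # e.g. 600 or 644
        # Last octal digit holds the "other" bits; read is 4, so 4-7 pass.
        case $mode in
            *[4567]) ;;
            *) echo "not readable by the clamd user: $f (mode $mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo: the same database file written under the hardened
# umask from the report and under the default 022.
demo=$(mktemp -d)
mkdir "$demo/hardened" "$demo/default"
write_with_umask 077 "$demo/hardened/daily.cvd"
write_with_umask 022 "$demo/default/daily.cvd"
check_db_readable "$demo/hardened" || echo "umask 077: clamd would fail to open the database"
check_db_readable "$demo/default" && echo "umask 022: database readable"
rm -rf "$demo"
```

Running the check after the freshclam step of the role (or as a handler before restarting clamd@scan) surfaces the permission problem at deploy time instead of as a service start failure.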

pfuntner commented 3 years ago

This PR is no longer of much need to my team and me. I had various issues with distros even after my changes and had better luck building ClamAV from scratch using the source code.

stale[bot] commented 3 years ago

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

stale[bot] commented 3 years ago

This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.