broadinstitute/puppet-clamav

Name: puppet-clamav

Owner: Broad Institute

Description: Puppet Module for managing ClamAV

Forked from: edestecd/puppet-clamav

Created: 2016-06-06 18:46:26.0

Updated: 2016-06-06 18:46:26.0

Pushed: 2017-07-26 18:40:58.0

Homepage: null

Size: 126

Language: Puppet

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

clamav

Table of Contents

1. Overview
2. Module Description - What the module does and why it is useful
3. Setup - The basics of getting started with clamav
   • What clamav affects
   • Setup requirements
   • Beginning with clamav
4. Usage - Configuration options and additional functionality
5. Reference - An under-the-hood peek at what the module is doing and how
6. Limitations - OS compatibility, etc.
7. Development - Guide for contributing to the module
8. Contributors

Overview

Puppet Module to install/configure clamd and freshclam on Debian and RedHat

Module Description

The clamav module provides some classes to install and configure most of the components of clamav.
You may also choose to manage only the parts that you need.
This module aims to be minimalistic.
No options produces stock config files as provided by your package installer.

This module has the following components that can be managed (or not):

• Base clamav package - command line and libs
• clamav user
• clam daemon
• freshclam daemon/cron (dependent on OS)
• clamav-milter (RHEL7 and derivatives only for now)

Setup

What clamav affects

• clamav/clamd/freshclam package install
• clamav/clamd/freshclam config files
• clamd/freshclam services or daily cron on redhat
• clamav-milter package install, config files, service (optional)
• clam user/group (optional)

Setup Requirements

only need to install the module

Beginning with clamav

Minimal clamav package install for command line use:

ude clamav

Usage

Manage the clam and freshclam daemon with stock config

s { 'clamav':
nage_clamd             => true,
nage_freshclam         => true,
amd_service_ensure     => 'running',
eshclam_service_ensure => 'stopped',

Also manage the clam user and group

s { 'clamav':
nage_user      => true,
d              => 499,
d              => 499,
ell            => '/sbin/nologin',
nage_clamd     => true,
nage_freshclam => true,

Customize the clamd and freshclam config

s { 'clamav':
nage_clamd      => true,
nage_freshclam  => true,
amd_options     => {
'MaxScanSize' => '500M',
'MaxFileSize' => '150M',

eshclam_options => {
'LogTime'         => 'yes',
'HTTPProxyServer' => 'myproxy.proxy.com',
'HTTPProxyPort'   => '80',
'NotifyClamd'     => '/etc/clamd.conf',
'DatabaseMirror'  => [
  'clam.host1.mydomain.com',
  'clam.host2.mydomain.com',
],

Add clamav-milter support and customize its config (RHEL7 and derivatives only)

Please note that as of RHEL 7.2 only the TCP socket has been tested successfully

s { 'clamav':
nage_repo           => false,
amd_options         => {
'TCPSocket' => '3310',
'TCPAddr'   => '127.0.0.1',


amav_milter_options => {
'AddHeader'  => 'add',
'OnInfected' => 'Reject',
'RejectMsg'  => 'Message rejected: Infected by %v',


nage_clamd          => true,
nage_freshclam      => true,
nage_clamav_milter  => true,
amd_service_ensure  => 'running',

Configure with hiera yaml

ude clamav

av::manage_clamd: true
av::manage_freshclam: true

av::clamd_options:
xScanSize: 500M
xFileSize: 150M
av::freshclam_options:
gTime: yes
TPProxyServer: myproxy.proxy.com
TPProxyPort: 80
tifyClamd: /etc/clamd.conf
tabaseMirror:
clam.host1.mydomain.com
clam.host2.mydomain.com

Reference

Classes

• clamav
• clamav::user
• clamav::clamd
• clamav::freshclam

Limitations

This module has been built on and tested against Puppet 3.8 and higher.
While I am sure other versions work, I have not tested them.

This module supports modern RedHat and Debian based systems.
No plans to support other versions (unless you add it :)..

Development

Pull Requests welcome