Forge Home

clamav

Puppet Module for managing ClamAV

319,317 downloads

43,663 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.0.0 (latest)
  • 1.0.0
  • 0.5.0
  • 0.4.0
  • 0.3.1
  • 0.3.0
  • 0.2.3
  • 0.2.2
  • 0.2.1
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Aug 26th 2020
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'edestecd-clamav', '2.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add edestecd-clamav
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install edestecd-clamav --version 2.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

edestecd/clamav — version 2.0.0 Aug 26th 2020

clamav

Build Status Puppet Forge Puppet Forge Downloads Puppet Forge Score

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with clamav
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module
  8. Contributors

Overview

Puppet Module to install/configure clamd and freshclam on Debian and RedHat

Module Description

The clamav module provides some classes to install and configure most of the components of clamav.
You may also choose to manage only the parts that you need.
This module aims to be minimalistic.
No options produces stock config files as provided by your package installer.

This module has the following components that can be managed (or not):

  • Base clamav package - command line and libs
  • clamav user
  • clam daemon
  • freshclam daemon/cron (dependent on OS)
  • clamav-milter (RHEL7 and derivatives only for now)

Setup

What clamav affects

  • clamav/clamd/freshclam package install
  • clamav/clamd/freshclam config files
  • clamd/freshclam services or daily cron on redhat
  • clamav-milter package install, config files, service (optional)
  • clam user/group (optional)

Setup Requirements

only need to install the module

Beginning with clamav

Minimal clamav package install for command line use:

include clamav

Usage

Manage the clam and freshclam daemon with stock config

class { 'clamav':
  manage_clamd             => true,
  manage_freshclam         => true,
  clamd_service_ensure     => 'running',
  freshclam_service_ensure => 'stopped',
}

Also manage the clam user and group

class { 'clamav':
  manage_user      => true,
  uid              => 499,
  gid              => 499,
  shell            => '/sbin/nologin',
  manage_clamd     => true,
  manage_freshclam => true,
}

Customize the clamd and freshclam config

class { 'clamav':
  manage_clamd      => true,
  manage_freshclam  => true,
  clamd_options     => {
    'MaxScanSize' => '500M',
    'MaxFileSize' => '150M',
  },
  freshclam_options => {
    'LogTime'         => 'yes',
    'HTTPProxyServer' => 'myproxy.proxy.com',
    'HTTPProxyPort'   => '80',
    'NotifyClamd'     => '/etc/clamd.conf',
    'DatabaseMirror'  => [
      'clam.host1.mydomain.com',
      'clam.host2.mydomain.com',
    ],
  },
}

Add clamav-milter support and customize its config (RHEL7 and derivatives only)

Please note that as of RHEL 7.2 only the TCP socket has been tested successfully

class { 'clamav':
  manage_repo           => false,
  clamd_options         => {
    'TCPSocket' => '3310',
    'TCPAddr'   => '127.0.0.1',
  },

  clamav_milter_options => {
    'AddHeader'  => 'add',
    'OnInfected' => 'Reject',
    'RejectMsg'  => 'Message rejected: Infected by %v',
  },

  manage_clamd          => true,
  manage_freshclam      => true,
  manage_clamav_milter  => true,
  clamd_service_ensure  => 'running',
}

Configure with hiera yaml

include clamav
---
clamav::manage_clamd: true
clamav::manage_freshclam: true

clamav::clamd_options:
  MaxScanSize: 500M
  MaxFileSize: 150M
clamav::freshclam_options:
  LogTime: yes
  HTTPProxyServer: myproxy.proxy.com
  HTTPProxyPort: 80
  NotifyClamd: /etc/clamd.conf
  DatabaseMirror:
  - clam.host1.mydomain.com
  - clam.host2.mydomain.com

Reference

Classes

  • clamav
  • clamav::user
  • clamav::clamd
  • clamav::freshclam

Limitations

This module has been built on and tested against Puppet 3.8 and higher.
While I am sure other versions work, I have not tested them.

This module supports modern RedHat and Debian based systems.
No plans to support other versions (unless you add it :)..

Development

Pull Requests welcome