Forge Home

clamav

Safely manages clamav

13,943 downloads

201 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 6.8.0 (latest)
  • 6.7.0
  • 6.6.0
  • 6.5.0
  • 6.4.1
  • 6.4.0
  • 6.3.0
  • 6.2.0
  • 6.1.1
  • 6.1.0
  • 6.0.2
  • 6.0.1
  • 6.0.0
  • 4.1.2
  • 4.1.1
released Oct 12th 2023
This version is compatible with:
  • Puppet Enterprise 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-clamav', '6.8.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-clamav
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-clamav --version 6.8.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: clamav, simp

Documentation

simp/clamav — version 6.8.0 Oct 12th 2023

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide.

Table of Contents

Description

This module provides an interface to the installation and management of ClamAV.

See REFERENCE.md for API documentation.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.

  • If used independently, all SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review the simp-simp_options module for details. These catalysts are used by SIMP to allow users to override default behavior of classes that are included by default.

NOTE:

  • SIMP's clamav class was removed from the default class list in all SIMP scenarios in SIMP 6.5. Users of SIMP 6.5 or later must manually add clamav to the class list or include it via a manifest.

  • Because of the SIMP 6.5 clamav change, SIMP's simp_options::clamav catalyst has been deprecated and will be removed in a future release. In the interim, the catalyst is still used as a wrapper for this module for backwards compatibility. Therefore, you must have simp_options::clamav undefined or set to true for this module to do anything.

  • Setting the SIMP catalyst, simp_options::clamav, to false does not uninstall ClamAV, it simply prevents this module from doing anything. See the Using clamav section below for how to remove ClamAV from the system.

Using clamav

This module can be used to add or remove clamav from a system.

To manage ClamAV with this module:

include clamav

By default this module will install ClamAV and set up a cron to do a scan.

To remove ClamAV from the system set the following via Hiera:

---
clamav::enable: false

Enabling updates

Generally, your updates will be provided by an upstream package repository, such as EPEL. However, there are two optional methods for enabling DAT file updates.

freshclam

To enable the freshclam update system, set the following via Hiera:

---
clamav::enable_freshclam: true

NOTE: No additional configuration of freshclam is currently supported. To update the configuration file, you will need to create your own File resource.

rsync

You may choose to enable rsync downloads of the DAT files from a SIMP rsync server. The module defaults are already set to support this configuration.

Client side

Add the following to Hiera to enable rsync downloads:

---
clamav::enable_data_rsync: true
Server side

To add DAT files to the server, you should place them in /var/simp/environments/<environment>/rsync/Global/clamav and ensure that the permissions are set to 409:409.

Limitations

SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.

Development

Please see the SIMP Contribution Guidelines.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle install
bundle exec rake beaker:suites

Please refer to the SIMP Beaker Helpers documentation for more information.

Some environment variables may be useful:

BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes
  • BEAKER_debug: show the commands being run on the STU and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.