๐Ÿ“— Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible-playbooks/roles/clamav/defaults/main.yml

73 lines
2.1 KiB

2 years ago
clamav_user: clamav
clamav_group: clamav
clamav_conf_dir: /etc/clamav
clamav_db_dir: /opt/clamav
clamav_conf_file: "{{ clamav_conf_dir }}/clamd.conf"
clamav_freshclam_conf_file: "{{ clamav_conf_dir }}/freshclam.conf"
clamav_milter_conf_file: "{{ clamav_conf_dir }}/clamav-milter.conf"
clamav_socket: /run/clamav/clamd.sock
clamav_max_file_size: "{{ mail_server.max_mail_size_bytes | d('25M') }}"
clamav_default_config:
clamav:
log_syslog: yes
log_facility: LOG_LOCAL0
extended_detection_info: yes
pid_file: /run/clamav/clamd.pid
database_directory: "{{ clamav_db_dir }}"
local_socket: "{{ clamav_socket }}"
local_socket_mode: 660
stream_max_length: "{{ clamav_max_file_size }}"
self_check: 3600
concurrent_database_reload: no
user: "{{ clamav_user }}"
detect_p_u_a: yes
heuristic_scan_precedence: no
alert_encrypted: yes
alert_encrypted_archive: yes
alert_encrypted_doc: yes
max_scan_time: 30000
max_file_size: "{{ clamav_max_file_size }}"
max_recursion: 12
alert_exceeds_max: yes
bytecode: yes
bytecode_security: Paranoid
freshclam:
log_syslog: yes
log_facility: LOG_LOCAL0
pid_file: /run/clamav/freshclam.pid
database_directory: "{{ clamav_db_dir }}"
database_owner: "{{ clamav_user }}"
update_log_file: /dev/stdout
checks: 4
test_databases: no
bytecode: yes
safe_browsing: yes
notify_clamd: "{{ clamav_conf_file }}"
scripted_updates: no
private_mirror: https://packages.microsoft.com/clamav
milter:
log_syslog: yes
log_facility: LOG_LOCAL0
log_infected: Basic
log_clean: Basic
milter_socket: "inet:{{ mail_server.clamav_port | d(7357) }}"
user: "{{ clamav_user }}"
clamd_socket: "unix:{{ clamav_socket }}"
max_file_size: "{{ clamav_max_file_size }}"
on_infected: Reject
add_header: Add
report_hostname: "{{ (mail_server.mta_actual_hostname ~ '.' ~ mail_server.tld) if
(mail_server.mta_actual_hostname is defined) and (mail_server.tld is defined) else 'clamav' }}"
support_multiple_recipients: yes
foreground: yes