ansible-mailserver-debian/mail_system/tasks/clamav.yml

# install clamav
# we run freshclam (with daemons stopped) and then starting the daemons should work
# (avoiding 'clamav-daemon not started: "ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met"')

- name: Install clamav
  ansible.builtin.apt:
    name: "{{ packages }}"
  vars:
    packages:
      - clamav
      - clamav-daemon
      - clamav-freshclam

- name: Stop clamav daemons
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: stopped
  loop:
    - clamav-freshclam
    - clamav-daemon

- name: Run freshclam
  ansible.builtin.command: freshclam
  register: out
  changed_when: out.rc != 0

- name: Start clamav daemons
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: started
  loop:
    - clamav-daemon
    - clamav-freshclam

- name: Install clamdscan
  ansible.builtin.apt:
    name: "{{ packages }}"
  vars:
    packages:
      - clamdscan

- name: Set clamav BytecodeSecurity to Paranoid
  ansible.builtin.lineinfile:
    path: /etc/clamav/clamd.conf
    regexp: '^BytecodeSecurity'
    line: 'BytecodeSecurity Paranoid'

- name: Restart clamav-daemon
  ansible.builtin.systemd:
    name: clamav-daemon
    state: restarted
clone from private repo 2019-09-19 10:43:17 +02:00			`# install clamav`
			`# we run freshclam (with daemons stopped) and then starting the daemons should work`
			`# (avoiding 'clamav-daemon not started: "ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met"')`

Update to trixie 2026-03-22 13:09:26 +01:00			`- name: Install clamav`
			`ansible.builtin.apt:`
clone from private repo 2019-09-19 10:43:17 +02:00			`name: "{{ packages }}"`
			`vars:`
			`packages:`
Update to trixie 2026-03-22 13:09:26 +01:00			`- clamav`
			`- clamav-daemon`
			`- clamav-freshclam`
clone from private repo 2019-09-19 10:43:17 +02:00
Update to trixie 2026-03-22 13:09:26 +01:00			`- name: Stop clamav daemons`
			`ansible.builtin.systemd:`
clone from private repo 2019-09-19 10:43:17 +02:00			`name: "{{ item }}"`
			`state: stopped`
			`loop:`
			`- clamav-freshclam`
			`- clamav-daemon`

Update to trixie 2026-03-22 13:09:26 +01:00			`- name: Run freshclam`
			`ansible.builtin.command: freshclam`
			`register: out`
			`changed_when: out.rc != 0`
clone from private repo 2019-09-19 10:43:17 +02:00
Update to trixie 2026-03-22 13:09:26 +01:00			`- name: Start clamav daemons`
			`ansible.builtin.systemd:`
clone from private repo 2019-09-19 10:43:17 +02:00			`name: "{{ item }}"`
			`state: started`
			`loop:`
			`- clamav-daemon`
			`- clamav-freshclam`

Update to trixie 2026-03-22 13:09:26 +01:00			`- name: Install clamdscan`
			`ansible.builtin.apt:`
clone from private repo 2019-09-19 10:43:17 +02:00			`name: "{{ packages }}"`
			`vars:`
			`packages:`
Update to trixie 2026-03-22 13:09:26 +01:00			`- clamdscan`
clone from private repo 2019-09-19 10:43:17 +02:00
Update to trixie 2026-03-22 13:09:26 +01:00			`- name: Set clamav BytecodeSecurity to Paranoid`
			`ansible.builtin.lineinfile:`
clone from private repo 2019-09-19 10:43:17 +02:00			`path: /etc/clamav/clamd.conf`
			`regexp: '^BytecodeSecurity'`
			`line: 'BytecodeSecurity Paranoid'`

Update to trixie 2026-03-22 13:09:26 +01:00			`- name: Restart clamav-daemon`
			`ansible.builtin.systemd:`
clone from private repo 2019-09-19 10:43:17 +02:00			`name: clamav-daemon`
			`state: restarted`