# install clamav
# we run freshclam (with daemons stopped) and then starting the daemons should work
# (avoiding 'clamav-daemon not started: "ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met"')

- name: Install clamav
  ansible.builtin.apt:
    name: "{{ packages }}"
  vars:
    packages:
      - clamav
      - clamav-daemon
      - clamav-freshclam

- name: Stop clamav daemons
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: stopped
  loop:
    - clamav-freshclam
    - clamav-daemon

- name: Run freshclam
  ansible.builtin.command: freshclam
  register: out
  changed_when: out.rc != 0

- name: Start clamav daemons
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: started
  loop:
    - clamav-daemon
    - clamav-freshclam

- name: Install clamdscan
  ansible.builtin.apt:
    name: "{{ packages }}"
  vars:
    packages:
      - clamdscan

- name: Set clamav BytecodeSecurity to Paranoid
  ansible.builtin.lineinfile:
    path: /etc/clamav/clamd.conf
    regexp: '^BytecodeSecurity'
    line: 'BytecodeSecurity Paranoid'

- name: Restart clamav-daemon
  ansible.builtin.systemd:
    name: clamav-daemon
    state: restarted