---
#
# clamd wants a lot of RAM at startup time. Ensure to have at least 4GB of available memory
#
clamav_install: true
clamav_milter_install: false
clamav_clamd_spamassassin_service: false
clamav_unofficial_sigs_install: '{{ clamav_install }}'
# See https://urlhaus.abuse.ch/api/#clamav
clamav_urlhaus_signatures_install: '{{ clamav_install }}'

clamav_rh_pkgs:
  - clamd
  - clamav-filesystem
  - clamav
  - clamav-data
  - clamav-lib
  - clamav-update

clamav_milter_rh_pkgs:
  - clamav-milter

clamav_unofficial_sigs_rh_pkgs:
  - clamav-unofficial-sigs
  - perl

clamav_signatures_dbs_to_wipe: []
#  - 'scamnailer.ndb'
clamav_signatures_whitelist_file: 'local_whitelist.ign2'
clamav_signatures_whitelist: []

# Main service (clamd@scan)
clamav_clamd_verbose_logging: 'yes'
clamav_clamd_extended_info: 'yes'
clamav_clamd_pidfile: '/run/clamd.scan/clamd.pid'
clamav_clamd_tmp: '/var/tmp'
clamav_clamd_official_db_only: 'no'
clamav_clamd_alert_exceeding_max: 'no'
clamav_clamd_use_local_socket: true
clamav_clamd_local_socket: '/run/clamd.scan/clamd.sock'
clamav_clamd_use_net_socket: false
clamav_clamd_net_socket_port: 3310
clamav_clamd_net_main_socket_addr: '127.0.0.1'
clamav_clamd_net_socket_addrs:
  - '{{ clamav_clamd_net_main_socket_addr }}'
# Set this to your MTA max message size. Expressed in MB (M)
clamav_clamd_stream_max_lenght: 25
clamav_clamd_detect_pua: true
clamav_clamd_heuristic_alert: 'yes'
clamav_clamd_heuristic_has_precedence: 'no'
clamav_clamd_heuristic_broken_executable: 'no'
clamav_clamd_heuristic_ole_macros: 'no'
clamav_clamd_heuristic_phishing_ssl_mismatch: 'no'
clamav_clamd_heuristic_phishing_cloak: 'no'
clamav_clamd_heuristic_partition_intersection: 'no'
clamav_clamd_additional_doc_scanning: true
clamav_clamd_email_scan: 'yes'
clamav_clamd_html_scan: 'yes'
clamav_clamd_archives_scan: 'yes'
clamav_clamd_max_scan_time: 120000
# Options: None, TrustSigned, Paranoid. Stick to the default
clamav_clamd_bytecode_security: 'TrustSigned'

# service used by spamassassin
clamav_clamd_spamassassin_verbose_logging: 'yes'
clamav_clamd_spamassassin_extended_info: 'yes'
clamav_clamd_spamassassin_pidfile: '/run/clamd.spamassassin/clamd.pid'
clamav_clamd_spamassassin_tmp: '/var/tmp'
clamav_clamd_spamassassin_official_db_only: 'no'
clamav_clamd_spamassassin_use_local_socket: true
clamav_clamd_spamassassin_local_socket: '/run/clamd.spamassassin/clamd.sock'
clamav_clamd_spamassassin_use_net_socket: false
clamav_clamd_spamassassin_net_socket_port: 3311
clamav_clamd_spamassassin_net_main_socket_addr: '127.0.0.1'
clamav_clamd_spamassassin_net_socket_addrs: 
  - '{{ clamav_clamd_spamassassin_net_main_socket_addr }}'
clamav_clamd_spamassassin_stream_max_lenght: 25
clamav_clamd_spamassassin_user: '{{ clamav_clamd_user }}'
clamav_clamd_spamassassin_detect_pua: true
clamav_clamd_spamassassin_heuristic_alert: 'yes'
clamav_clamd_spamassassin_heuristic_has_precedence: 'no'
clamav_clamd_spamassassin_heuristic_broken_executable: 'yes'
clamav_clamd_spamassassin_heuristic_ole_macros: 'yes'
clamav_clamd_spamassassin_heuristic_phishing_ssl_mismatch: 'yes'
clamav_clamd_spamassassin_heuristic_phishing_cloak: 'yes'
clamav_clamd_spamassassin_heuristic_partition_intersection: 'yes'
clamav_clamd_spamassassin_additional_doc_scanning: true
clamav_clamd_spamassassin_email_scan: 'yes'
clamav_clamd_spamassassin_html_scan: 'yes'
clamav_clamd_spamassassin_archives_scan: 'yes'
clamav_clamd_spamassassin_max_scan_time: 120000
clamav_clamd_spamassassin_alert_exceeding_max: 'yes'
# Options: None, TrustSigned, Paranoid. Stick to the default
clamav_clamd_spamassassin_bytecode_security: 'TrustSigned'

#
# Unofficial signatures
#
clamav_additional_signatures_use_proxy: false
clamav_additional_signatures_use_proxy_auth: false
clamav_additional_signatures_proxy_host: ''
clamav_additional_signatures_proxy_port: 3128
clamav_additional_signatures_proxy_user: ''
clamav_additional_signatures_proxy_pwd: ''
clamav_additional_signatures_db_dir: '/var/lib/clamav-unofficial-sigs'
clamav_additional_signatures_dbs_to_wipe:
  - 'dbs-ss/scamnailer.ndb'

# Freshclam
clamav_freshclam_check_frequency: 12
clamav_freshclam_use_proxy: false
clamav_freshclam_use_proxy_auth: false
clamav_freshclam_proxy_host: ''
clamav_freshclam_proxy_port: 3128
clamav_freshclam_proxy_user: ''
clamav_freshclam_proxy_pwd: ''
clamav_freshclam_reload_clamd: true
clamav_freshclam_enable_bytecode: 'yes'
# clamav_freshclam_additional_databases:
#   - ''
#   - ''
clamav_freshclam_custom_urls: []
# See https://github.com/InQuest/awesome-yara for a set of curated repositories
#
# From https://gist.github.com/alsyundawy/9df58b03506bad8ccd08e06d15a8fa93
# Malware
# - https://cdn.malware.expert/malware.expert.ndb
# - https://cdn.malware.expert/malware.expert.hdb
# - https://cdn.malware.expert/malware.expert.ldb
# - https://cdn.malware.expert/malware.expert.fp
# Sanesecurity + Foxhole
# - https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-INFO-Low.ldb
# - https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-Low.ldb
# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_BlackEnergy.yara
# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_sigtest.yara
# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_spam.yara
# - https://ftp.swin.edu.au/sanesecurity/badmacro.ndb
# - https://ftp.swin.edu.au/sanesecurity/blurl.ndb
# - https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
# - https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
# - https://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb
# - https://ftp.swin.edu.au/sanesecurity/doppelstern-phishtank.ndb
# - https://ftp.swin.edu.au/sanesecurity/doppelstern.hdb
# - https://ftp.swin.edu.au/sanesecurity/doppelstern.ndb
# - https://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
# - https://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
# - https://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
# - https://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
# - https://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
# - https://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
# - https://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
# - https://ftp.swin.edu.au/sanesecurity/junk.ndb
# - https://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
# - https://ftp.swin.edu.au/sanesecurity/jurlbla.ndb
# - https://ftp.swin.edu.au/sanesecurity/lott.ndb
# - https://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
# - https://ftp.swin.edu.au/sanesecurity/phish.ndb
# - https://ftp.swin.edu.au/sanesecurity/rogue.hdb
# - https://ftp.swin.edu.au/sanesecurity/scam.ndb
# - https://ftp.swin.edu.au/sanesecurity/scamnailer.ndb
# - https://ftp.swin.edu.au/sanesecurity/shelter.ldb
# - https://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
# - https://ftp.swin.edu.au/sanesecurity/spam.ldb
# - https://ftp.swin.edu.au/sanesecurity/spamattach.hdb
# - https://ftp.swin.edu.au/sanesecurity/spamimg.hdb
# - https://ftp.swin.edu.au/sanesecurity/spear.ndb
# - https://ftp.swin.edu.au/sanesecurity/spearl.ndb
# winnow
# - https://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
# - https://ftp.swin.edu.au/sanesecurity/winnow.complex.patterns.ldb
# - https://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
# - https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
# - https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware_links.ndb
# - https://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
# - https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete.ndb
# - https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
# - https://ftp.swin.edu.au/sanesecurity/winnow_spam_complete.ndb
# bofhland
# - https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
# - https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
# Porcupine
# - https://ftp.swin.edu.au/sanesecurity/porcupine.ndb
# - https://ftp.swin.edu.au/sanesecurity/phishtank.ndb
# - https://ftp.swin.edu.au/sanesecurity/porcupine.hsb
# maldet
# - https://www.rfxn.com/downloads/rfxn.ndb
# - https://www.rfxn.com/downloads/rfxn.hdb

# tcp example: inet:7357@127.0.0.1
clamav_milter_socket: 'local:/run/clamav-milter/clamav-milter.socket'
clamav_milter_use_whitelist_file: false
clamav_milter_whitelist_file: '/etc/mail/clamav-whitelist'
clamav_milter_use_skip_authenticated_file: false
clamav_milter_skip_authenticated_file: '/etc/mail/clamav-skip-authenticated'
clamav_milter_onclean_action: 'Accept'
clamav_milter_oninfected_action: 'Reject'
clamav_milter_onfail_action: 'Defer'
clamav_milter_send_reject_msg: true
clamav_milter_reject_msg: 'Virus %v present, email rejected!'
clamav_milter_add_header: true
clamav_milter_add_header_action: 'Add'
clamav_milter_report_hostname: '{{ ansible_fqdn }}'
clamav_milter_clamd_net_socket_addrs:
  - {addr: '{{ clamav_clamd_net_main_socket_addr }}', port: '{{ clamav_clamd_net_socket_port }}'}