This HowTo shows how to install ClamAV and schedule scans using Ansible. There are Ansible modules for this but it’s so simple that you might as well just do it yourself.
Create your playbook. Put the following into a file called “ansible-play-install-clamav.yml”.
---
- hosts: all
sudo: yes
tasks:
- name: Install ClamAV basics
yum: name=clamav state=latest
- name: Install ClamAV scanner
yum: name=clamav-scanner state=latest
- name: Install ClamAV updater
yum: name=clamav-update state=latest
- copy:
src: files/ansible.cron
dest: /etc/cron.d/ansible.cron
owner: root
group: root
mode: 0644
- copy:
src: files/ansible.freshclam
dest: /etc/freshclam.conf
owner: root
group: root
mode: 0644
Create your “hosts” file and populate it with the list (one host per line) of hosts you want to install ClamAV on. I recommend testing on a single machine first.
Create two files in your “files” directory. Make sure to customise the cron file to email to the appropriate email address.
File: ansible.cron
0 3 * * * root /usr/bin/freshclam ; /usr/bin/clamscan / --recursive=yes -i | mail -s clamav_log_`hostname` [email protected] -
File: ansible.freshclam
LogSyslog yes DatabaseMirror database.clamav.net
Finally run Ansible.
ansible-playbook ansible-play-install-clamav.yml -i hosts
What if i’m getting an error that says “no package matching ‘clamav’ found available, installed or updated” ?
You need to install epel-release first.