ansible-mailserver-debian/mail_system/tasks/clamav.yml

# install clamav
# we run freshclam (with daemons stopped) and then starting the daemons should work
# (avoiding 'clamav-daemon not started: "ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met"')

- name: install clamav
  apt:
    name: "{{ packages }}"
  vars:
    packages:
    - clamav
    - clamav-daemon
    - clamav-freshclam

- name: stop clamav daemons
  systemd:
    name: "{{ item }}"
    state: stopped
  loop:
    - clamav-freshclam
    - clamav-daemon

- name: run freshclam
  shell: freshclam

- name: start clamav daemons
  systemd:
    name: "{{ item }}"
    state: started
  loop:
    - clamav-daemon
    - clamav-freshclam

- name: install clamav-unofficial-sigs, clamdscan
  apt:
    name: "{{ packages }}"
  vars:
    packages:
    - clamav-unofficial-sigs
    - clamdscan

- name: set clamav BytecodeSecurity to Paranoid
  lineinfile:
    path: /etc/clamav/clamd.conf
    regexp: '^BytecodeSecurity'
    line: 'BytecodeSecurity Paranoid'

- name: restart clamav-daemon
  systemd:
    name: clamav-daemon
    state: restarted