From f8762c5a000b443b6d84b7a4839bebdd5c5c0f37 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 24 Sep 2020 19:58:22 +0000
Subject: [PATCH] clamav: Allow all logged users to scan files

---
 roles/clamav/tasks/main.yml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/roles/clamav/tasks/main.yml b/roles/clamav/tasks/main.yml
index 8957c7d..bd7983d 100644
--- a/roles/clamav/tasks/main.yml
+++ b/roles/clamav/tasks/main.yml
@@ -9,13 +9,29 @@
     - clamav-update
     - clamd
 
+- name: fix socket directory permissions
+  copy:
+    dest: /etc/tmpfiles.d/clamd.scan.conf
+    content: "d /run/clamd.scan 711 clamscan clamscan"
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart clamd
+
 - name: enable clamd local socket
   lineinfile:
     path: /etc/clamd.d/scan.conf
-    regexp: "^#LocalSocket .*"
+    regexp: "^#?LocalSocket .*"
     line: "LocalSocket /run/clamd.scan/clamd.sock"
   notify: restart clamd
 
+- name: allow everyone to connect local socket
+  lineinfile:
+    path: /etc/clamd.d/scan.conf
+    regexp: "^#?LocalSocketMode .*"
+    line: "LocalSocketMode 666"
+  notify: restart clamd
+
 - name: link clamd service
   file:
     dest: /etc/systemd/system/clamd@scan.service