ansible/roles/clamav/tasks/main.yml

---
- name: Install packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: installed
  with_items:
    - clamav
    - clamav-update
    - clamd

- name: Fix socket directory permissions
  ansible.builtin.copy:
    dest: /etc/tmpfiles.d/clamd.scan.conf
    content: "d /run/clamd.scan 711 clamscan clamscan"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Refresh clamd socket directory

- name: Enable clamd local socket
  ansible.builtin.lineinfile:
    path: /etc/clamd.d/scan.conf
    regexp: "^#?LocalSocket .*"
    line: "LocalSocket /run/clamd.scan/clamd.sock"
  notify: Restart clamd

- name: Allow everyone to connect local socket
  ansible.builtin.lineinfile:
    path: /etc/clamd.d/scan.conf
    regexp: "^#?LocalSocketMode .*"
    line: "LocalSocketMode 666"
  notify: Restart clamd

- name: Enable services
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  with_items:
    - clamav-freshclam
    - clamd@scan