changed "user" param param for RedHat 7 and up to root

manifests/freshclam.pp

@@ -13,23 +13,32 @@
 # <code>clamav::freshclam::proxy_port</code>: http proxy port
 # <code>clamav::freshclam::proxy_server</code>: http proxy server
 #
+# @param service_ensure: op Debian, indien cron job disabled
+#
 class clamav::freshclam (
-  $enable = hiera('clamav::freshclam::enable',true),
-  $minute = hiera('clamav::freshclam::minute',fqdn_rand(59)),
-  $hour = hiera('clamav::freshclam::hour',fqdn_rand(23)),
-  $command = hiera('clamav::freshclam::command','/usr/bin/freshclam --quiet'),
-  $proxy_server = hiera('clamav::freshclam::proxy_server',''),
-  $proxy_port = hiera('clamav::freshclam::proxy_port',''),
-  $proxy_username = hiera('clamav::freshclam::proxy_username',''),
-  $proxy_password = hiera('clamav::freshclam::proxy_password',''),
-  $logfile = '/var/log/clamav/freshclam.log',
+  Boolean $enable        = true,
+  String $service_ensure = running,
+  Integer $minute        = fqdn_rand(59),
+  Integer $hour          = fqdn_rand(23),
+  String $command        = '/usr/bin/freshclam --quiet',
+  String $proxy_server   = '',
+  String $proxy_port     = '',
+  String $proxy_username = '',
+  String $proxy_password = '',
+  String $logfile        = '/var/log/clamav/freshclam.log',
+  String $package_ensure = $clamav::params::package_ensure,
 ) {
   include clamav::params
 
-  file { '/etc/freshclam.conf':
-    ensure  => present,
+  $ensure = $package_ensure ? {
+    /(absent|purged)/ => absent,
+    default       => present,
+    }
+
+  file { $clamav::params::freshclam_config_file:
+    ensure  => $ensure,
     owner   => $clamav::params::user,
-    mode    => '0400',
+    mode    => $clamav::params::freshclam_config_file_mode,
     content => template('clamav/freshclam.conf.erb'),
     require => Package[$clamav::params::package],
   }
@@ -43,20 +52,33 @@
     command => $command,
     minute  => $minute,
     hour    => $hour,
-    require => File['/etc/freshclam.conf'],
+    require => File[ $clamav::params::freshclam_config_file ],
+  }
+
+  # $enable means the cron job
+  if ( $::facts['os']['family'] == 'Debian' and $enable == false ) {
+    service { "clamav-freshclam":
+      ensure    => $service_ensure,
+      subscribe => File[ $clamav::params::freshclam_config_file ],
+    }
   }
 
   # remove the freshclam cron that is installed with the package
   file { '/etc/cron.daily/freshclam':
     ensure  => absent,
-    require => File['/etc/freshclam.conf'],
+    require => File[ $clamav::params::freshclam_config_file],
+  }
+
+  file { '/etc/cron.d/clamav-update':
+    ensure  => absent,
+    require => File[ $clamav::params::freshclam_config_file],
   }
 
   # ensure proper permissions on our logfile
   file { $logfile:
-    ensure  => present,
+    ensure  => $ensure,
     owner   => $clamav::params::user,
     mode    => '0644',
-    require => File['/etc/freshclam.conf'],
+    require => File[ $clamav::params::freshclam_config_file],
   }
 }

manifests/init.pp

@@ -3,17 +3,14 @@
 # Install clamav
 #
 class clamav (
-  $whitelist_sig = [],
-  $whitelist_sha = [],
-  $whitelist_md5 = [],
-) {
+  Array $whitelist_sig = [],
+  Array $whitelist_sha = [],
+  Array $whitelist_md5 = [],
+  $package_ensure      = $clamav::params::package_ensure,
+) inherits clamav::params {
   include clamav::package
   include clamav::params
 
-  validate_array($whitelist_sig)
-  validate_array($whitelist_sha)
-  validate_array($whitelist_md5)
-
   $whitelist_sig_count = count($whitelist_sig)
   $whitelist_sha_count = count($whitelist_sha)
   $whitelist_md5_count = count($whitelist_md5)
@@ -37,22 +34,28 @@
     require => Class['clamav::package'],
   }
 
-  file { [ '/etc/clamav', '/etc/clamav/scans' ]:
-    ensure  => directory,
-  }
+  if ( ! $package_ensure in ['purged', 'absent']){
+    file { [ '/etc/clamav', '/etc/clamav/scans' ]:
+      ensure  => directory,
+    }
 
-  file { '/var/lib/clamav/local.ign2':
-    ensure  => $whitelist_sig_ensure,
-    content => template('clamav/whitelist.ign2.erb')
-  }
+    file { '/var/lib/clamav/local.ign2':
+      ensure  => $whitelist_sig_ensure,
+      content => template('clamav/whitelist.ign2.erb')
+    }
 
-  file { '/var/lib/clamav/local.sfp':
-    ensure  => $whitelist_sha_ensure,
-    content => template('clamav/whitelist.sfp.erb')
-  }
+    file { '/var/lib/clamav/local.sfp':
+      ensure  => $whitelist_sha_ensure,
+      content => template('clamav/whitelist.sfp.erb')
+    }
+
+    file { '/var/lib/clamav/local.fp':
+      ensure  => $whitelist_md5_ensure,
+      content => template('clamav/whitelist.fp.erb')
+    }
 
-  file { '/var/lib/clamav/local.fp':
-    ensure  => $whitelist_md5_ensure,
-    content => template('clamav/whitelist.fp.erb')
+    file { '/var/log/clamav':
+        ensure => directory,
+    }
   }
 }

manifests/package.pp

@@ -5,5 +5,5 @@
 class clamav::package {
   include clamav::params
 
-  package { $clamav::params::package: ensure => installed }
+  package { $clamav::params::package: ensure => $clamav::package_ensure }
 }

manifests/params.pp

@@ -1,17 +1,32 @@
 class clamav::params {
-  case $::osfamily {
+  case $facts[os][family] {
     'Debian': {
       $user = 'clamav'
+      $package = 'clamav'
       $clamscan_bin = '/usr/bin/clamscan'
+      $freshclam_config_file = '/etc/clamav/freshclam.conf'
+      $freshclam_config_file_mode = '444'
+    }
+    'RedHat': {
+      $user = $facts['os']['release']['major'] ? {
+        6       => 'clam',
+        default => 'root',
+      }
+      $package = [ "clamav", "clamav-update"]
+      $clamscan_bin = '/usr/bin/clamscan'
+      $freshclam_config_file = '/etc/freshclam.conf'
+      $freshclam_config_file_mode = '400'
     }
     default: {
-      # we default to assuming RedHat family OSes
       $user = 'clam'
+      $package = 'clamav'
       $clamscan_bin = '/usr/bin/clamscan'
+      $freshclam_config_file = '/etc/freshclam.conf'
+      $freshclam_config_file_mode = '400'
     }
   }
 
-  $package = 'clamav'
+  $package_ensure = present
 
   $clamd_config_file = '/etc/clamd.conf'
   $clamd_service_name = 'clamd'

manifests/scan.pp

@@ -67,6 +67,7 @@
   $action_ok = '',
   $action_virus = '',
   $enable = true,
+  $ensure = present,
   $hour = fqdn_rand(23,$title),
   $minute = fqdn_rand(59,$title),
   $month = 'UNSET',
@@ -99,7 +100,7 @@
   }
 
   file { $scancmd:
-    ensure  => present,
+    ensure  => $ensure,
     owner   => $clamav::params::user,
     mode    => '0500',
     content => template('clamav/scan.sh.erb'),
@@ -112,17 +113,18 @@
     default => 'absent',
   }
   $month_r = $month ? {
-    'UNSET' => undef,
+    'UNSET' => '*',
     default => $month,
   }
   $monthday_r = $monthday ? {
-    'UNSET' => undef,
+    'UNSET' => '*',
     default => $monthday,
   }
   $weekday_r = $weekday ? {
-    'UNSET' => undef,
+    'UNSET' => '*',
     default => $weekday,
   }
+
   cron { "clamav-scan-${title}":
     ensure   => $cron_ensure,
     command  => $scancmd,