Fix ClamAV role eicar test

* Correct permissions of /var/lib/clamav to allow all users to list the directory * Replace use of `sigtool` with a hardcoded signature for EICAR, as this triggers Microsoft Defender during the `molecule converge` (a temp file is created locally during the `ansible.builtin.copy`).
hic-infra · Apr 23, 2024 · c5aab6e · c5aab6e
1 parent c759262
commit c5aab6e
Showing 1 changed file with 11 additions and 11 deletions.
diff --git a/clamav/tasks/test-eicar.yml b/clamav/tasks/test-eicar.yml
@@ -3,20 +3,20 @@
 # Disable this check if we are testing, or managing updates in a different way
 # For testing only!
 
-- name: Create eicar file
+- name: Create an EICAR signature db for ClamAV
   become: true
-  ansible.builtin.copy:
-    content: |-
-      X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
-    dest: /root/eicar.com
-    mode: "0644"
+  copy:
+    # This is the sha256 with file length and a name
+    content: |
+      44d88612fea8a8f36de82e1278abb02f:68:eicar
+    dest: /var/lib/clamav/eicar.hdb
 
-- name: Create eicar dummy signature dummy files
+- name: Correct permissions /var/lib/clamav
   become: true
-  ansible.builtin.shell: >
-    sigtool --md5 /root/eicar.com > /var/lib/clamav/eicar.hdb
-  args:
-    creates: /var/lib/clamav/eicar.hdb
+  ansible.builtin.file:
+    path: /var/lib/clamav
+    state: directory
+    mode: "0755"
 
 # /etc/init.d/clamav-daemon checks for presence of some startup locations
 - name: Create clamav dummy inc directories