From e24cac889fa072d7997d854a7aec6c5e6527e846 Mon Sep 17 00:00:00 2001
From: Niall Byrne <9848926+niall-byrne@users.noreply.github.com>
Date: Sat, 1 Jul 2023 00:41:41 -0400
Subject: [PATCH] feat(CLAMAV): grant full disk access

---
 .../post_install/variant.common/clamav.yml    | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 profile/tasks/post_install/variant.common/clamav.yml

diff --git a/profile/tasks/post_install/variant.common/clamav.yml b/profile/tasks/post_install/variant.common/clamav.yml
new file mode 100644
index 0000000..7e09a9a
--- /dev/null
+++ b/profile/tasks/post_install/variant.common/clamav.yml
@@ -0,0 +1,34 @@
+---
+- name: Check Whether Clamav Requires Permission To Run With Full Disk Access
+  register: variant_common_fdautil_list_clamav
+  become: true
+  ansible.builtin.command: /usr/local/bin/fdautil list
+  changed_when: false
+
+- name: Grant Clamav Permission To Run With Full Disk Access
+  become: true
+  ansible.builtin.command: /usr/local/bin/fdautil set daemon net.clamav.clamd {{ brew_prefix }}/sbin/clamd --foreground -c {{ clamav_clamd_config_file }}
+  changed_when: true
+  when: "'net.clamav.clamd' not in variant_common_fdautil_list_clamav.stdout"
+  notify:
+    - "Restart Clamd"
+
+- name: Patch Service File Line 1
+  become: true
+  ansible.builtin.lineinfile:
+    path: "/Library/LaunchDaemons/net.clamav.clamd.plist"
+    insertbefore: '^\s+<string>{{ brew_prefix }}/sbin/clamd</string>'
+    line: "      <string>exec</string>"
+    state: present
+  notify:
+    - "Restart Clamd"
+
+- name: Patch Service File Line 2
+  become: true
+  ansible.builtin.lineinfile:
+    path: "/Library/LaunchDaemons/net.clamav.clamd.plist"
+    insertbefore: '^\s+<string>exec</string>'
+    line: "      <string>/usr/local/bin/fdautil</string>"
+    state: present
+  notify:
+    - "Restart Clamd"