From bec7b9badb98f2a2310b258136d23f21fd7a2ecb Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Tue, 12 Aug 2025 18:02:17 +0100
Subject: [PATCH] clamav: Setup fangfrisch on Debian 13

---
 cookbooks/clamav/recipes/default.rb           | 54 ++++++++++++++++---
 .../templates/default/fangfrisch.conf.erb     | 17 ++++++
 2 files changed, 65 insertions(+), 6 deletions(-)
 create mode 100644 cookbooks/clamav/templates/default/fangfrisch.conf.erb

diff --git a/cookbooks/clamav/recipes/default.rb b/cookbooks/clamav/recipes/default.rb
index 938b2f5ab..34e25ddb6 100644
--- a/cookbooks/clamav/recipes/default.rb
+++ b/cookbooks/clamav/recipes/default.rb
@@ -22,14 +22,56 @@ include_recipe "accounts"
 package %w[
   clamav-daemon
   clamav-freshclam
-  clamav-unofficial-sigs
 ]
 
-template "/etc/clamav-unofficial-sigs.conf.d/50-chef.conf" do
-  source "clamav-unofficial-sigs.conf.erb"
-  owner "root"
-  group "root"
-  mode "644"
+if platform?("debian") && node[:platform_version].to_i >= 13
+  package "clamav-unofficial-sigs" do
+    action :remove
+  end
+
+  package %w[
+    fangfrisch
+    clamdscan
+  ]
+
+  directory "/var/lib/fangfrisch" do
+    owner "clamav"
+    group "clamav"
+    mode "775"
+  end
+
+  template "/etc/fangfrisch.conf" do
+    source "fangfrisch.conf.erb"
+    owner "root"
+    group "root"
+    mode "644"
+  end
+
+  execute "fangfrisch-initdb" do
+    command "/usr/bin/fangfrisch --conf /etc/fangfrisch.conf initdb"
+    user "clamav"
+    group "clamav"
+    not_if do
+      ::File.exist?("/var/lib/fangfrisch/db.sqlite")
+    end
+  end
+
+  service "fangfrisch.timer" do
+    action [:enable, :start]
+  end
+
+  file "/etc/clamav-unofficial-sigs.conf.d/50-chef.conf" do
+    action :delete
+  end
+else
+  package "clamav-unofficial-sigs"
+
+  template "/etc/clamav-unofficial-sigs.conf.d/50-chef.conf" do
+    source "clamav-unofficial-sigs.conf.erb"
+    owner "root"
+    group "root"
+    mode "644"
+  end
 end
 
 execute "freshclam" do
diff --git a/cookbooks/clamav/templates/default/fangfrisch.conf.erb b/cookbooks/clamav/templates/default/fangfrisch.conf.erb
new file mode 100644
index 000000000..8015182b5
--- /dev/null
+++ b/cookbooks/clamav/templates/default/fangfrisch.conf.erb
@@ -0,0 +1,17 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+[DEFAULT]
+db_url = sqlite:////var/lib/fangfrisch/db.sqlite
+
+local_directory = /var/lib/clamav
+on_update_exec = clamdscan --reload
+on_update_timeout = 42
+
+[interserver]
+enabled = yes
+
+[sanesecurity]
+enabled = yes
+
+[urlhaus]
+enabled = yes
-- 
2.39.5