diff --git a/defaults/main.yml b/defaults/main.yml
index 1d190eeacfa6251123e58a929422ebc687fbc1e2..561cd7ceaeb3439f12ff50c92d23af0da6ddd03c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,3 +6,7 @@ smb_users:
     passwd: "tiiiestuser1"
 
 smb_interface: eth0
+
+sophos_pkg: http://artifactory.esss.lu.se/artifactory/swi-pkg/sophos/sophos-av.9.15.1.tar.bz2
+#sophos_install_opts: "--update-free --acceptlicence --autostart=true --enableOnBoot=true --automatic --ignore-existing-installation --update-source-type=f --update-proxy-address=http://192.0.2.13:8888/ --update-period=1 --preferFanotify=true"
+sophos_install_opts: "--update-free --acceptlicence --autostart=true --enableOnBoot=true --automatic --ignore-existing-installation --update-source-type=f --update-period=1 --preferFanotify=true"
diff --git a/files/bytecode.cvd b/files/bytecode.cvd
deleted file mode 100644
index 5d394264ea21b8e3a44966901ea06d207dd1ff1e..0000000000000000000000000000000000000000
Binary files a/files/bytecode.cvd and /dev/null differ
diff --git a/files/daily.cvd b/files/daily.cvd
deleted file mode 100644
index cf88844f9f03c2c990f7e0503d4015110ef3498b..0000000000000000000000000000000000000000
Binary files a/files/daily.cvd and /dev/null differ
diff --git a/files/main.cvd b/files/main.cvd
deleted file mode 100644
index ffb1af1f3fef864526bd37693c2159bd83bfc0d1..0000000000000000000000000000000000000000
Binary files a/files/main.cvd and /dev/null differ
diff --git a/files/scan.conf b/files/scan.conf
deleted file mode 100644
index d46a7dd73b38bdf7f8b50cffdde1551a92072505..0000000000000000000000000000000000000000
--- a/files/scan.conf
+++ /dev/null
@@ -1,729 +0,0 @@
-##
-## Example config file for the Clam AV daemon
-## Please read the clamd.conf(5) manual before editing this file.
-##
-
-
-
-# Uncomment this option to enable logging.
-# LogFile must be writable for the user running daemon.
-# A full path is required.
-# Default: disabled
-#LogFile /var/log/clamd.scan
-
-# By default the log file is locked for writing - the lock protects against
-# running clamd multiple times (if want to run another clamd, please
-# copy the configuration file, change the LogFile variable, and run
-# the daemon with --config-file option).
-# This option disables log file locking.
-# Default: no
-#LogFileUnlock yes
-
-# Maximum size of the log file.
-# Value of 0 disables the limit.
-# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
-# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
-# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
-# rotation (the LogRotate option) will always be enabled.
-# Default: 1M
-LogFileMaxSize 0
-
-# Log time with each message.
-# Default: no
-#LogTime yes
-
-# Also log clean files. Useful in debugging but drastically increases the
-# log size.
-# Default: no
-#LogClean yes
-
-# Use system logger (can work together with LogFile).
-# Default: no
-LogSyslog yes
-
-# Specify the type of syslog messages - please refer to 'man syslog'
-# for facility names.
-# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
-
-# Enable verbose logging.
-# Default: no
-LogVerbose yes
-
-# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
-# Default: no
-#LogRotate yes
-
-# Enable Prelude output.
-# Default: no
-#PreludeEnable yes
-#
-# Set the name of the analyzer used by prelude-admin.
-# Default: ClamAV
-#PreludeAnalyzerName ClamAV
-
-# Log additional information about the infected file, such as its
-# size and hash, together with the virus name.
-#ExtendedDetectionInfo yes
-
-# This option allows you to save a process identifier of the listening
-# daemon (main thread).
-# Default: disabled
-#PidFile /var/run/clamd.scan/clamd.pid
-
-# Optional path to the global temporary directory.
-# Default: system specific (usually /tmp or /var/tmp).
-#TemporaryDirectory /var/tmp
-
-# Path to the database directory.
-# Default: hardcoded (depends on installation options)
-#DatabaseDirectory /var/lib/clamav
-
-# Only load the official signatures published by the ClamAV project.
-# Default: no
-#OfficialDatabaseOnly no
-
-# The daemon can work in local mode, network mode or both. 
-# Due to security reasons we recommend the local mode.
-
-# Path to a local socket file the daemon will listen on.
-# Default: disabled (must be specified by a user)
-LocalSocket /run/clamd.scan/clamd.sock
-
-# Sets the group ownership on the unix socket.
-# Default: disabled (the primary group of the user running clamd)
-#LocalSocketGroup virusgroup
-
-# Sets the permissions on the unix socket to the specified mode.
-# Default: disabled (socket is world accessible)
-#LocalSocketMode 660
-
-# Remove stale socket after unclean shutdown.
-# Default: yes
-#FixStaleSocket yes
-
-# TCP port address.
-# Default: no
-#TCPSocket 3310
-
-# TCP address.
-# By default we bind to INADDR_ANY, probably not wise.
-# Enable the following to provide some degree of protection
-# from the outside world. This option can be specified multiple
-# times if you want to listen on multiple IPs. IPv6 is now supported.
-# Default: no
-#TCPAddr 127.0.0.1
-
-# Maximum length the queue of pending connections may grow to.
-# Default: 200
-#MaxConnectionQueueLength 30
-
-# Clamd uses FTP-like protocol to receive data from remote clients.
-# If you are using clamav-milter to balance load between remote clamd daemons
-# on firewall servers you may need to tune the options below.
-
-# Close the connection when the data size limit is exceeded.
-# The value should match your MTA's limit for a maximum attachment size.
-# Default: 25M
-#StreamMaxLength 10M
-
-# Limit port range.
-# Default: 1024
-#StreamMinPort 30000
-# Default: 2048
-#StreamMaxPort 32000
-
-# Maximum number of threads running at the same time.
-# Default: 10
-#MaxThreads 20
-
-# Waiting for data from a client socket will timeout after this time (seconds).
-# Default: 120
-#ReadTimeout 300
-
-# This option specifies the time (in seconds) after which clamd should
-# timeout if a client doesn't provide any initial command after connecting.
-# Default: 30
-#CommandReadTimeout 30
-
-# This option specifies how long to wait (in milliseconds) if the send buffer
-# is full.
-# Keep this value low to prevent clamd hanging
-#
-# Default: 500
-#SendBufTimeout 200
-
-# Maximum number of queued items (including those being processed by
-# MaxThreads threads)
-# It is recommended to have this value at least twice MaxThreads if possible.
-# WARNING: you shouldn't increase this too much to avoid running out  of file
-# descriptors,
-# the following condition should hold:
-# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual
-# max is 1024)
-#
-# Default: 100
-#MaxQueue 200
-
-# Waiting for a new job will timeout after this time (seconds).
-# Default: 30
-#IdleTimeout 60
-
-# Don't scan files and directories matching regex
-# This directive can be used multiple times
-# Default: scan all
-#ExcludePath ^/proc/
-#ExcludePath ^/sys/
-
-# Maximum depth directories are scanned at.
-# Default: 15
-#MaxDirectoryRecursion 20
-
-# Follow directory symlinks.
-# Default: no
-#FollowDirectorySymlinks yes
-
-# Follow regular file symlinks.
-# Default: no
-#FollowFileSymlinks yes
-
-# Scan files and directories on other filesystems.
-# Default: yes
-#CrossFilesystems yes
-
-# Perform a database check.
-# Default: 600 (10 min)
-#SelfCheck 600
-
-# Execute a command when virus is found. In the command string %v will
-# be replaced with the virus name.
-# Default: no
-#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
-
-# Run as another user (clamd must be started by root for this option to work)
-# Default: don't drop privileges
-#User clamscan
-User root
-
-# Stop daemon when libclamav reports out of memory condition.
-#ExitOnOOM yes
-
-# Don't fork into background.
-# Default: no
-#Foreground yes
-
-# Enable debug messages in libclamav.
-# Default: no
-#Debug yes
-
-# Do not remove temporary files (for debug purposes).
-# Default: no
-#LeaveTemporaryFiles yes
-
-# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
-# any ALLMATCHSCAN command as invalid.
-# Default: yes
-#AllowAllMatchScan no
-
-# Detect Possibly Unwanted Applications.
-# Default: no
-#DetectPUA yes
-
-# Exclude a specific PUA category. This directive can be used multiple times.
-# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for 
-# the complete list of PUA categories.
-# Default: Load all categories (if DetectPUA is activated)
-#ExcludePUA NetTool
-#ExcludePUA PWTool
-
-# Only include a specific PUA category. This directive can be used multiple
-# times.
-# Default: Load all categories (if DetectPUA is activated)
-#IncludePUA Spy
-#IncludePUA Scanner
-#IncludePUA RAT
-
-# This option causes memory or nested map scans to dump the content to disk.
-# If you turn on this option, more data is written to disk and is available
-# when the LeaveTemporaryFiles option is enabled.
-#ForceToDisk yes
-
-# This option allows you to disable the caching feature of the engine. By
-# default, the engine will store an MD5 in a cache of any files that are
-# not flagged as virus or that hit limits checks. Disabling the cache will
-# have a negative performance impact on large scans.
-# Default: no
-#DisableCache yes
-
-# In some cases (eg. complex malware, exploits in graphic files, and others),
-# ClamAV uses special algorithms to detect abnormal patterns and behaviors that
-# may be malicious.  This option enables alerting on such heuristically
-# detected potential threats.
-# Default: yes
-#HeuristicAlerts yes
-
-# Allow heuristic alerts to take precedence.
-# When enabled, if a heuristic scan (such as phishingScan) detects
-# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
-# scan-time.
-# When disabled, virus/phish detected by heuristic scans will be reported only at
-# the end of a scan. If an archive contains both a heuristically detected
-# virus/phish, and a real malware, the real malware will be reported
-#
-# Keep this disabled if you intend to handle "*.Heuristics.*" viruses 
-# differently from "real" malware.
-# If a non-heuristically-detected virus (signature-based) is found first, 
-# the scan is interrupted immediately, regardless of this config option.
-#
-# Default: no
-#HeuristicScanPrecedence yes
-
-
-##
-## Heuristic Alerts
-##
-
-# With this option clamav will try to detect broken executables (both PE and
-# ELF) and alert on them with the Broken.Executable heuristic signature.
-# Default: no
-#AlertBrokenExecutables yes
-
-# Alert on encrypted archives _and_ documents with heuristic signature (encrypted .zip, .7zip, .rar, .pdf).
-# Default: no
-#AlertEncrypted yes
-
-# Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip, .rar).
-# Default: no
-#AlertEncryptedArchive yes
-
-# Alert on encrypted archives with heuristic signature (encrypted .pdf).
-# Default: no
-#AlertEncryptedDoc yes
-
-# With this option enabled OLE2 files containing VBA macros, which were not
-# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
-# Default: no
-#AlertOLE2Macros yes
-
-# Alert on SSL mismatches in URLs, even if the URL isn't in the database.
-# This can lead to false positives.
-# Default: no
-#AlertPhishingSSLMismatch yes
-
-# Alert on cloaked URLs, even if URL isn't in database.
-# This can lead to false positives.
-# Default: no
-#AlertPhishingCloak yes
-
-# Alert on raw DMG image files containing partition intersections
-# Default: no
-#AlertPartitionIntersection yes
-
-
-##
-## Executable files
-##
-
-# PE stands for Portable Executable - it's an executable file format used
-# in all 32 and 64-bit versions of Windows operating systems. This option
-# allows ClamAV to perform a deeper analysis of executable files and it's also
-# required for decompression of popular executable packers such as UPX, FSG,
-# and Petite. If you turn off this option, the original files will still be
-# scanned, but without additional processing.
-# Default: yes
-#ScanPE yes
-
-# Certain PE files contain an authenticode signature. By default, we check
-# the signature chain in the PE file against a database of trusted and
-# revoked certificates if the file being scanned is marked as a virus.
-# If any certificate in the chain validates against any trusted root, but
-# does not match any revoked certificate, the file is marked as whitelisted.
-# If the file does match a revoked certificate, the file is marked as virus.
-# The following setting completely turns off authenticode verification.
-# Default: no
-#DisableCertCheck yes
-
-# Executable and Linking Format is a standard format for UN*X executables.
-# This option allows you to control the scanning of ELF files.
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-# Default: yes
-#ScanELF yes
-
-
-##
-## Documents
-##
-
-# This option enables scanning of OLE2 files, such as Microsoft Office
-# documents and .msi files.
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-# Default: yes
-#ScanOLE2 yes
-
-# This option enables scanning within PDF files.
-# If you turn off this option, the original files will still be scanned, but
-# without decoding and additional processing.
-# Default: yes
-#ScanPDF yes
-
-# This option enables scanning within SWF files.
-# If you turn off this option, the original files will still be scanned, but
-# without decoding and additional processing.
-# Default: yes
-#ScanSWF yes
-
-# This option enables scanning xml-based document files supported by libclamav.
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-# Default: yes
-#ScanXMLDOCS yes
-
-# This option enables scanning of HWP3 files.
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-# Default: yes
-#ScanHWP3 yes
-
-
-##
-## Mail files
-##
-
-# Enable internal e-mail scanner.
-# If you turn off this option, the original files will still be scanned, but
-# without parsing individual messages/attachments.
-# Default: yes
-#ScanMail yes
-
-# Scan RFC1341 messages split over many emails.
-# You will need to periodically clean up $TemporaryDirectory/clamav-partial
-# directory.
-# WARNING: This option may open your system to a DoS attack.
-#	   Never use it on loaded servers.
-# Default: no
-#ScanPartialMessages yes
-
-# With this option enabled ClamAV will try to detect phishing attempts by using
-# HTML.Phishing and Email.Phishing NDB signatures.
-# Default: yes
-#PhishingSignatures no
-
-# With this option enabled ClamAV will try to detect phishing attempts by
-# analyzing URLs found in emails using WDB and PDB signature databases.
-# Default: yes
-#PhishingScanURLs no
-
-
-##
-## Data Loss Prevention (DLP)
-##
-
-# Enable the DLP module
-# Default: No
-#StructuredDataDetection yes
-
-# This option sets the lowest number of Credit Card numbers found in a file
-# to generate a detect.
-# Default: 3
-#StructuredMinCreditCardCount 5
-
-# This option sets the lowest number of Social Security Numbers found
-# in a file to generate a detect.
-# Default: 3
-#StructuredMinSSNCount 5
-
-# With this option enabled the DLP module will search for valid
-# SSNs formatted as xxx-yy-zzzz
-# Default: yes
-#StructuredSSNFormatNormal yes
-
-# With this option enabled the DLP module will search for valid
-# SSNs formatted as xxxyyzzzz
-# Default: no
-#StructuredSSNFormatStripped yes
-
-
-##
-## HTML
-##
-
-# Perform HTML normalisation and decryption of MS Script Encoder code.
-# Default: yes
-# If you turn off this option, the original files will still be scanned, but
-# without additional processing.
-#ScanHTML yes
-
-
-##
-## Archives
-##
-
-# ClamAV can scan within archives and compressed files.
-# If you turn off this option, the original files will still be scanned, but
-# without unpacking and additional processing.
-# Default: yes
-#ScanArchive yes
-
-
-##
-## Limits
-##
-
-# The options below protect your system against Denial of Service attacks
-# using archive bombs.
-
-# This option sets the maximum amount of data to be scanned for each input
-# file.
-# Archives and other containers are recursively extracted and scanned up to
-# this value.
-# Value of 0 disables the limit
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 100M
-#MaxScanSize 150M
-
-# Files larger than this limit won't be scanned. Affects the input file itself
-# as well as files contained inside it (when the input file is an archive, a
-# document or some other kind of container).
-# Value of 0 disables the limit.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 25M
-#MaxFileSize 30M
-
-# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
-# file, all files within it will also be scanned. This options specifies how
-# deeply the process should be continued.
-# Note: setting this limit too high may result in severe damage to the system.
-# Default: 16
-#MaxRecursion 10
-
-# Number of files to be scanned within an archive, a document, or any other
-# container file.
-# Value of 0 disables the limit.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 10000
-#MaxFiles 15000
-
-# Maximum size of a file to check for embedded PE. Files larger than this value
-# will skip the additional analysis step.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 10M
-#MaxEmbeddedPE 10M
-
-# Maximum size of a HTML file to normalize. HTML files larger than this value
-# will not be normalized or scanned.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 10M
-#MaxHTMLNormalize 10M
-
-# Maximum size of a normalized HTML file to scan. HTML files larger than this
-# value after normalization will not be scanned.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 2M
-#MaxHTMLNoTags 2M
-
-# Maximum size of a script file to normalize. Script content larger than this
-# value will not be normalized or scanned.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 5M
-#MaxScriptNormalize 5M
-
-# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
-# than this value will skip the step to potentially reanalyze as PE.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 1M
-#MaxZipTypeRcg 1M
-
-# This option sets the maximum number of partitions of a raw disk image to be
-# scanned.
-# Raw disk images with more partitions than this value will have up to
-# the value number partitions scanned. Negative values are not allowed.
-# Note: setting this limit too high may result in severe damage or impact
-# performance.
-# Default: 50
-#MaxPartitions 128
-
-# This option sets the maximum number of icons within a PE to be scanned.
-# PE files with more icons than this value will have up to the value number
-# icons scanned.
-# Negative values are not allowed.
-# WARNING: setting this limit too high may result in severe damage or impact
-# performance.
-# Default: 100
-#MaxIconsPE 200
-
-# This option sets the maximum recursive calls for HWP3 parsing during
-# scanning. HWP3 files using more than this limit will be terminated and
-# alert the user.
-# Scans will be unable to scan any HWP3 attachments if the recursive limit
-# is reached.
-# Negative values are not allowed.
-# WARNING: setting this limit too high may result in severe damage or impact
-# performance.
-# Default: 16
-#MaxRecHWP3 16
-
-# This option sets the maximum calls to the PCRE match function during
-# an instance of regex matching.
-# Instances using more than this limit will be terminated and alert the user
-# but the scan will continue.
-# For more information on match_limit, see the PCRE documentation.
-# Negative values are not allowed.
-# WARNING: setting this limit too high may severely impact performance.
-# Default: 100000
-#PCREMatchLimit 20000
-
-# This option sets the maximum recursive calls to the PCRE match function
-# during an instance of regex matching.
-# Instances using more than this limit will be terminated and alert the user
-# but the scan will continue.
-# For more information on match_limit_recursion, see the PCRE documentation.
-# Negative values are not allowed and values > PCREMatchLimit are superfluous.
-# WARNING: setting this limit too high may severely impact performance.
-# Default: 2000
-#PCRERecMatchLimit 10000
-
-# This option sets the maximum filesize for which PCRE subsigs will be
-# executed. Files exceeding this limit will not have PCRE subsigs executed
-# unless a subsig is encompassed to a smaller buffer.
-# Negative values are not allowed.
-# Setting this value to zero disables the limit.
-# WARNING: setting this limit too high or disabling it may severely impact
-# performance.
-# Default: 25M
-#PCREMaxFileSize 100M
-
-# When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
-# MaxRecursion limit will be flagged with the virus
-# "Heuristics.Limits.Exceeded".
-# Default: no
-#AlertExceedsMax yes
-
-
-##
-## On-access Scan Settings
-##
-
-# Enable on-access scanning. Currently, this is supported via fanotify.
-# Clamuko/Dazuko support has been deprecated.
-# Default: no
-#ScanOnAccess yes
-
-# Set the  mount point to be scanned. The mount point specified, or the mount
-# point containing the specified directory will be watched. If any directories
-# are specified, this option will preempt the DDD system. This will notify
-# only. It can be used multiple times.
-# (On-access scan only)
-# Default: disabled
-#OnAccessMountPath /
-#OnAccessMountPath /home/user
-
-# Don't scan files larger than OnAccessMaxFileSize
-# Value of 0 disables the limit.
-# Default: 5M
-#OnAccessMaxFileSize 10M
-
-# Set the include paths (all files inside them will be scanned). You can have
-# multiple OnAccessIncludePath directives but each directory must be added
-# in a separate line. (On-access scan only)
-# Default: disabled
-#OnAccessIncludePath /home
-#OnAccessIncludePath /students
-
-# Set the exclude paths. All subdirectories are also excluded.
-# (On-access scan only)
-# Default: disabled
-#OnAccessExcludePath /home/bofh
-
-# With this option you can whitelist the root UID (0). Processes run under
-# root with be able to access all files without triggering scans or
-# permission denied events.
-# Note that if clamd cannot check the uid of the process that generated an
-# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
-# the process already exited), clamd will perform a scan.  Thus, setting
-# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
-# root user from triggering a scan (unless OnAccessPrevention is enabled).
-# Default: no
-#OnAccessExcludeRootUID no
-
-# With this option you can whitelist specific UIDs. Processes with these UIDs
-# will be able to access all files without triggering scans or permission
-# denied events.
-# This option can be used multiple times (one per line).
-# Using a value of 0 on any line will disable this option entirely.
-# To whitelist the root UID (0) please enable the OnAccessExcludeRootUID
-# option.
-# Also note that if clamd cannot check the uid of the process that generated an
-# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
-# the process already exited), clamd will perform a scan.  Thus, setting
-# OnAccessExcludeUID is not *guaranteed* to prevent every access by the
-# specified uid from triggering a scan (unless OnAccessPrevention is enabled).
-# Default: disabled
-#OnAccessExcludeUID -1
-
-# Toggles dynamic directory determination. Allows for recursively watching
-# include paths.
-# (On-access scan only)
-# Default: no
-#OnAccessDisableDDD yes
-
-# Modifies fanotify blocking behaviour when handling permission events.
-# If off, fanotify will only notify if the file scanned is a virus,
-# and not perform any blocking.
-# (On-access scan only)
-# Default: no
-#OnAccessPrevention yes
-
-# Toggles extra scanning and notifications when a file or directory is
-# created or moved.
-# Requires the  DDD system to kick-off extra scans.
-# NOTE:  This feature is disabled until a thread resource leak bug
-#        in the OnAccessExtraScanning code can be resolved.
-# (On-access scan only)
-# Default: no
-#OnAccessExtraScanning yes
-
-##
-## Bytecode
-##
-
-# With this option enabled ClamAV will load bytecode from the database. 
-# It is highly recommended you keep this option on, otherwise you'll miss
-# detections for many new viruses.
-# Default: yes
-#Bytecode yes
-
-# Set bytecode security level.
-# Possible values:
-#   None -      No security at all, meant for debugging.
-#               DO NOT USE THIS ON PRODUCTION SYSTEMS.
-#               This value is only available if clamav was built
-#               with --enable-debug!
-#   TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert
-#               runtime safety checks for bytecode loaded from other sources.
-#   Paranoid -  Don't trust any bytecode, insert runtime checks for all.
-# Recommended: TrustSigned, because bytecode in .cvd files already has these
-# checks.
-# Note that by default only signed bytecode is loaded, currently you can only
-# load unsigned bytecode in --enable-debug mode.
-#
-# Default: TrustSigned
-#BytecodeSecurity TrustSigned
-
-# Set bytecode timeout in milliseconds.
-# 
-# Default: 5000
-# BytecodeTimeout 1000
-
-##
-## Statistics gathering and submitting
-##
diff --git a/handlers/main.yml b/handlers/main.yml
index 232f64fdf24296f6cf1103dec344962f473f145f..03800078c958792cf36aa4a6d8f9875e3b474f03 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -6,3 +6,9 @@
   with_items:
     - smb
     - nmb
+
+- name: setup_sophos
+  command: "/opt/sophos-av/bin/savconfig set {{ item.key }} {{ item.value}}"
+  with_items:
+    - { key: 'AutomaticAction', value: 'delete' }
+    - { key: 'ScanArchives', value: 'enabled' }
diff --git a/tasks/main.yml b/tasks/main.yml
index 0a893b376a9276ae2c41bde49979e291fcdbef81..6c71f3252719422450f0c776ae5518d7c5c2bb94 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -5,27 +5,8 @@
     state: present
   with_items:
     - samba
-    - clamd
-
-- name: copy clamav initial DB
-  copy:
-    src: "{{ item }}"
-    dest: "/var/lib/clamav/{{ item }}"
-    owner: root
-    group: root
-    mode: 0755
-  with_items:
-    - bytecode.cvd
-    - daily.cvd
-    - main.cvd
-
-- name: copy clamd config file
-  copy:
-    src: "scan.conf"
-    dest: "/etc/clamd.d/scan.conf"
-    owner: root
-    group: root
-    mode: 0755
+    - bzip2
+    - tar
 
 - name: setup smb.conf
   template:
@@ -44,7 +25,6 @@
   with_items:
     - smb
     - nmb
-    - clamd@scan
 
 - name: create local user
   user:
@@ -66,3 +46,19 @@
   changed_when: "'Added user' in create_user_output.stdout"
   when: user_created.changed
   tags: skip_ansible_lint
+
+- name: untar sophos archive
+  unarchive:
+    src: "{{ sophos_pkg }}"
+    dest: /tmp/
+    creates: /tmp/sophos-av/install.sh
+    remote_src: true
+
+- name: install sophos
+  command: "/tmp/sophos-av/install.sh /opt/sophos-av/ {{ sophos_install_opts }}"
+  args:
+    creates: /opt/sophos-av/bin/savscan 
+  register: sophos_installed
+  #changed_when: "'already exists. Please specify a different directory.' not in sophos_installed.stdout"
+  tags: skip_ansible_lint
+  notify: setup_sophos