diff --git a/roles/matrix_element/defaults/main.yml b/roles/matrix_element/defaults/main.yml
index 00e074e..7e85728 100644
--- a/roles/matrix_element/defaults/main.yml
+++ b/roles/matrix_element/defaults/main.yml
@@ -5,8 +5,8 @@ element_id: element
 # Version to deploy, and expected sha256
-element_version: 1.11.40
-element_archive_sha256: 7e0d0263ee2c52401f6f8f0ea2c5b76fef82aaa1860c1b4986235971f7b8b731
+element_version: 1.11.41
+element_archive_sha256: b03e59e4c3da71278f1b79df2469cdc25c250129c7669a0531888a0e1ae41529
 # Where to install element
 element_root_dir: /opt/matrix/element
diff --git a/roles/matrix_synapse/defaults/main.yml b/roles/matrix_synapse/defaults/main.yml
index 7a84489..46c38e4 100644
--- a/roles/matrix_synapse/defaults/main.yml
+++ b/roles/matrix_synapse/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # Synapse version to deploy
-synapse_version: '1.91.2'
+synapse_version: '1.92.1'
 # Should ansible handle Synapse upgrades ? If false, only initial install will be done
 synapse_manage_upgrade: True
diff --git a/roles/odoo/templates/odoo-server.service.j2 b/roles/odoo/templates/odoo-server.service.j2
index cf88e82..3a0e7be 100644
--- a/roles/odoo/templates/odoo-server.service.j2
+++ b/roles/odoo/templates/odoo-server.service.j2
@@ -17,7 +17,8 @@ SyslogIdentifier=odoo
 Restart=on-failure
 StartLimitInterval=0
 RestartSec=30
-MemoryLimit=2048M
+MemoryHigh=1800M
+MemoryMax=2048M
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/squid/defaults/main.yml b/roles/squid/defaults/main.yml
index fecd60b..576e1bd 100644
--- a/roles/squid/defaults/main.yml
+++ b/roles/squid/defaults/main.yml
@@ -24,11 +24,6 @@ squid_ssl_ports: [ 443, 8006, 8007, 8443, 8448 ]
 # Admin email displayed on denied and error pages
 # squid_admin_email: admin@example.com
-# Should we scan content with ClamAV. Default is disabled
-squid_scan_av: True
-# Files bigger than (in bytes) this won't be scanned
-squid_av_max_size: 5000000
-
 squid_servers_ip:
 - 10.0.0.0/8
 - 172.16.0.0/12
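Review bot: The new MemoryHigh=1800M / MemoryMax=2048M pair has no comment explaining why two thresholds replace the single MemoryLimit=, and the split is not self-evident: above MemoryHigh the unit is throttled and its memory reclaimed, above MemoryMax it is OOM-killed. A comment above the two lines, `# Throttle/reclaim above MemoryHigh, OOM-kill above MemoryMax` and `# MemoryHigh= is honoured only on the unified (cgroup v2) hierarchy; on cgroup v1 MemoryMax= behaves like the old MemoryLimit=`, would make the intent and the platform caveat explicit. If this role still targets cgroup v1 hosts, it is worth confirming that silently losing the 1800M soft limit there is acceptable. The [Service] section opens before the hunk.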
diff --git a/roles/squid/files/ufdb.te b/roles/squid/files/ufdb.te
index 6f58d2e..5abaf98 100644
--- a/roles/squid/files/ufdb.te
+++ b/roles/squid/files/ufdb.te
@@ -1,15 +1,17 @@
-module ufdb 1.2;
+module ufdb 1.3;
 require {
 type initrc_tmp_t;
 type initrc_t;
 type tmp_t;
 type squid_t;
+ type unconfined_service_t;
 class sock_file write;
 class unix_stream_socket connectto;
 }
 #============= squid_t ==============
 allow squid_t initrc_t:unix_stream_socket connectto;
+allow squid_t unconfined_service_t:unix_stream_socket connectto;
 allow squid_t initrc_tmp_t:sock_file write;
 allow squid_t tmp_t:sock_file write;
diff --git a/roles/squid/handlers/main.yml b/roles/squid/handlers/main.yml
index 73998d3..710f45b 100644
--- a/roles/squid/handlers/main.yml
+++ b/roles/squid/handlers/main.yml
@@ -6,12 +6,6 @@
 - name: restart squid
 service: name=squid state=restarted
-- name: restart c-icap
- service: name=c-icap state={{ squid_scan_av | ternary('restarted', 'stopped') }}
- - name: restart squid-clamd
- service: name=squid-clamd state={{ squid_scan_av | ternary('restarted', 'stopped') }}
-
 - name: restart ufdb
 service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard','ufdb') }} state={{ squid_filter_url | ternary('restarted', 'stopped') }}
diff --git a/roles/squid/meta/main.yml b/roles/squid/meta/main.yml
index 2796587..34ea7df 100644
--- a/roles/squid/meta/main.yml
+++ b/roles/squid/meta/main.yml
@@ -1,5 +1,4 @@
 ---
 dependencies:
 - role: httpd_common
- - role: clamav
 - role: mkdir
diff --git a/roles/squid/tasks/main.yml b/roles/squid/tasks/main.yml
index d4df720..4622e0a 100644
--- a/roles/squid/tasks/main.yml
+++ b/roles/squid/tasks/main.yml
@@ -4,8 +4,6 @@
 yum:
 name:
 - squid
- - c-icap
- - squidclamav
 - ufdbGuard
 notify: restart squid
 tags: proxy
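Review bot: The new `allow squid_t unconfined_service_t:unix_stream_socket connectto;` lets squid_t connect to the unix stream socket of any process running as unconfined_service_t, which is considerably wider than the initrc_t rule it sits next to, and neither the rule nor the version bump records which peer socket needs it. A comment above the rule naming that peer — presumably the ufdbGuard daemon this file is named after, running unconfined when started directly by its systemd unit — would justify the broad type, e.g. `# peer daemon started by systemd runs as unconfined_service_t, so its socket carries that type`, worded to whatever the actual peer is. If that daemon is the only consumer, giving its socket a dedicated type would allow this rule to be narrowed again later. The bump to `module ufdb 1.3;` is appropriate given the changed rule set.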
@@ -138,43 +136,12 @@
 register: squid_safebrowsing
 tags: proxy
-- name: Deploy clamd config
- template: src=clamd.conf.j2 dest=/etc/clamd.d/squid.conf
- notify: restart squid-clamd
- tags: proxy
-
-- name: Deploy clamd systemd unit
- template: src=squid-clamd.service.j2 dest=/etc/systemd/system/squid-clamd.service
- register: squid_clam_unit
- notify: restart squid-clamd
- tags: proxy
-
-- name: Deploy c-icap configuration
- template: src=c-icap.conf.j2 dest=/etc/c-icap/c-icap.conf
- notify: restart c-icap
- tags: proxy
-
 - name: Create systemd unit snippet dir
 file: path=/etc/systemd/system/{{ item }}.service.d state=directory
 loop:
- - c-icap
 - squid
 tags: proxy
-- name: Deploy a systemd unit snippet for c-icap
- copy:
- content: |
- [Service]
- User=c-icap
- Group=c-icap
- Restart=on-failure
- StartLimitInterval=0
- RestartSec=1
- dest: /etc/systemd/system/c-icap.service.d/user.conf
- register: squid_c_icap_unit
- notify: restart c-icap
- tags: proxy
-
 - name: Deploy a systemd unit snipet for squid
 copy:
 content: |
@@ -186,14 +153,9 @@
 register: squid_unit
 tags: proxy
-- name: Deploy squidclamav configuration
- template: src=squidclamav.conf.j2 dest=/etc/c-icap/squidclamav.conf mode=644
- notify: restart c-icap
- tags: proxy
-
 - name: Reload systemd
 command: systemctl daemon-reload
- when: squid_clam_unit.changed or squid_c_icap_unit.changed or squid_unit.changed
+ when: squid_unit.changed
 tags: proxy
 - include_tasks: selinux.yml
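Review bot: Narrowing the reload condition to `when: squid_unit.changed` matches the removed register variables, but nothing in the new task list retires what earlier runs of this role deployed: a host provisioned before this commit keeps c-icap and squid-clamd installed and enabled, c-icap still listening on 127.0.0.1:1344, with /etc/systemd/system/squid-clamd.service, /etc/systemd/system/c-icap.service.d/user.conf and /etc/clamd.d/squid.conf left behind and no longer managed (the same gap applies to the @@ -138 hunk above and the @@ -252 hunk that drop the deploy and start tasks). Now that the clamav role dependency is gone, those daemons also stop receiving configuration updates while they keep running. A short cleanup stanza that stops and disables the two units, removes the three files and feeds into the daemon-reload condition would bring existing hosts in line with fresh installs; whether to also remove the c-icap and squidclamav packages depends on whether anything else on those hosts uses them. The task list continues on both sides of the hunk.
```yaml
- name: Stop and disable the former AV scanning daemons
  service: name={{ item }} state=stopped enabled=False
  loop:
    - squid-clamd
    - c-icap
  failed_when: false  # units are absent on hosts never provisioned with AV scanning
  tags: proxy

- name: Remove the former AV scanning config and units
  file: path={{ item }} state=absent
  loop:
    - /etc/systemd/system/squid-clamd.service
    - /etc/systemd/system/c-icap.service.d
    - /etc/clamd.d/squid.conf
  register: squid_av_cleanup
  tags: proxy

- name: Reload systemd
  command: systemctl daemon-reload
  when: squid_unit.changed or squid_av_cleanup.changed
  tags: proxy
```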
@@ -252,14 +214,6 @@
 service: name=squid state=started enabled=True
 tags: proxy
-- name: Start and enable c-icap
- service: name=c-icap state=started enabled=True
- tags: proxy
-
-- name: Handle squid-clamd daemon
- service: name=squid-clamd state={{ squid_scan_av | ternary('started','stopped') }} enabled={{ squid_scan_av | ternary(True,False) }}
- tags: proxy
-
 - name: Handle ufdb daemon
 service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard','ufdb') }} state={{ squid_filter_url | ternary('started','stopped') }} enabled={{ squid_filter_url | ternary(True,False) }}
 tags: proxy
diff --git a/roles/squid/templates/c-icap.conf.j2 b/roles/squid/templates/c-icap.conf.j2
deleted file mode 100644
index be4257c..0000000
--- a/roles/squid/templates/c-icap.conf.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-ServerAdmin {{ squid_admin_email | default(system_admin_email) | default('admin@' + ansible_domain) }}
-ServerName {{ inventory_hostname }}
-TmpDir /tmp
-MaxMemObject 1048576
-Module logger sys_logger.so
-Logger sys_logger
-DebugLevel 0
-Port 127.0.0.1:1344
-TemplateDir /usr/share/c_icap/templates/
-{% if squid_scan_av %}
-Service squidclamav squidclamav.so
-{% endif %}
-
-MaxKeepAliveRequests 1000
-MaxServers 20
-ThreadsPerChild 50
-MaxRequestsPerChild 100000
diff --git a/roles/squid/templates/clamd.conf.j2 b/roles/squid/templates/clamd.conf.j2
deleted file mode 100644
index c2e3a96..0000000
--- a/roles/squid/templates/clamd.conf.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-LogSyslog yes
-LogVerbose yes
-ExtendedDetectionInfo yes
-LocalSocket /var/run/clamav/squid.sock
-LocalSocketMode 666
-ExitOnOOM yes
-Foreground yes
-DetectBrokenExecutables yes
diff --git a/roles/squid/templates/squid-clamd.service.j2 b/roles/squid/templates/squid-clamd.service.j2
deleted file mode 100644
index 7ae79f5..0000000
--- a/roles/squid/templates/squid-clamd.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=ClamAV antivirus daemon for squid
-After=syslog.target network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/sbin/clamd -c /etc/clamd.d/squid.conf
-User=clamav
-Group=clamav
-Restart=on-failure
-PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/roles/squid/templates/squid.conf.j2 b/roles/squid/templates/squid.conf.j2
index e71ee9a..2fd291c 100644
--- a/roles/squid/templates/squid.conf.j2
+++ b/roles/squid/templates/squid.conf.j2
@@ -58,21 +58,6 @@ quick_abort_min -1
 max_filedesc 8192
-icap_enable on
-icap_send_client_ip on
-icap_send_client_username on
-icap_client_username_encode off
-icap_client_username_header X-Authenticated-User
-icap_preview_enable on
-icap_preview_size 1024
-
-{% if squid_scan_av %}
-icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=off
-adaptation_access service_avi_req allow !admins_src !local_whitelist_domains !local_whitelist_urls !no_av_scan_req av_src
-icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squidclamav bypass=on
-adaptation_access service_avi_resp allow !admins_src !local_whitelist_domains !local_whitelist_urls !no_av_scan_rep av_src
-{% endif %}
-
 {% if squid_filter_url %}
 url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
 url_rewrite_program /usr/sbin/ufdbgclient -m 4 -l /var/log/squid/