add clamav docs

active/software_clamav/scan.conf

@@ -1,3 +1,8 @@
+# ClamAV will refuse to scan files above 2G regardless of what this is set to
+MaxFileSize 2G
+# MaxScanSize controls how much of an archive is unpacked
+MaxScanSize 64G
+
 LogFileMaxSize 50M
 LogTime yes
 LogSyslog yes
@@ -15,6 +20,7 @@ MaxDirectoryRecursion 20
 User clamscan
 
 Bytecode yes
+HeuristicAlerts yes
 DetectPUA yes
 ScanPE yes
 ScanELF yes
@@ -24,8 +30,12 @@ ScanOLE2 yes
 
 AlertBrokenExecutables no
 AlertBrokenMedia no
-AlertOLE2Macros yes
-AlertPartitionIntersection yes
+AlertEncrypted no
+AlertEncryptedArchive no
+AlertEncryptedDoc no
+AlertOLE2Macros no
+AlertPartitionIntersection no
+AlertExceedsMax yes
 
 ScanPDF yes
 ScanSWF yes
@@ -33,14 +43,20 @@ ScanXMLDOCS yes
 ScanHWP3 yes
 ScanArchive yes
 
-OnAccessIncludePath /home/ducoterra
-OnAccessIncludePath /opt
-OnAccessIncludePath /var
-OnAccessIncludePath /usr
-OnAccessIncludePath /etc
+# These are just examples, add what you think should be protected.
+OnAccessIncludePath /home/ducoterra/Downloads
+OnAccessIncludePath /home/ducoterra/Projects
+OnAccessIncludePath /home/ducoterra/Applications
+OnAccessIncludePath /home/ducoterra/AUR
+
+# Prevention doesn't work with OnAccessMountPath.
+# It works with OnAccessIncludePath, as long as /usr and /etc are not included.
+# Including /var while activating prevention is also not recommended, because
+# this would slow down package installation by a factor of 1000.
+OnAccessPrevention yes
 
 OnAccessExcludeUname clamupdate
 OnAccessExcludeUname clamscan
-OnAccessMaxFileSize 5M
-OnAccessPrevention yes
-OnAccessExtraScanning yes
+OnAccessExtraScanning yes
+
+VirusEvent /etc/clamav/virus-event.bash