Get periodic scan to work.

modules/services/clamav.nix

@@ -25,6 +25,12 @@ in
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.clamav pkgs.curl ];
 
+    system.activationScripts.clamav-quarantine = ''
+      mkdir -p /quarantine
+      chown clamav:clamav /quarantine
+      chmod 440 /quarantine
+    '';
+
     security.sudo.extraRules = [{
       users = [ "clamav" ];
       commands = [{
@@ -66,7 +72,7 @@ in
       onFailure = [ "clamav-virus-notify.service" ];
       serviceConfig = {
         Type = "oneshot";
-        ExecStart = "${pkgs.clamav}/bin/clamdscan --fdpass --multiscan ${lib.escapeShellArgs onAccessPaths}";
+        ExecStart = "${pkgs.clamav}/bin/clamdscan --verbose --multiscan --move=/quarantine ${lib.escapeShellArgs onAccessPaths}";
         User = "clamav";
         Group = "clamav";
         SupplementaryGroups = [ "users" ];