From 331b686bae13a1342c6dabe5f1f3c901f2ce46a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?= <admin@numbus.eu>
Date: Sun, 1 Mar 2026 19:11:39 +0100
Subject: [PATCH] Get periodic scan to work.

---
 modules/services/clamav.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/services/clamav.nix b/modules/services/clamav.nix
index c481f61..ecb0a00 100644
--- a/modules/services/clamav.nix
+++ b/modules/services/clamav.nix
@@ -25,6 +25,12 @@ in
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.clamav pkgs.curl ];
 
+    system.activationScripts.clamav-quarantine = ''
+      mkdir -p /quarantine
+      chown clamav:clamav /quarantine
+      chmod 440 /quarantine
+    '';
+
     security.sudo.extraRules = [{
       users = [ "clamav" ];
       commands = [{
@@ -66,7 +72,7 @@ in
       onFailure = [ "clamav-virus-notify.service" ];
       serviceConfig = {
         Type = "oneshot";
-        ExecStart = "${pkgs.clamav}/bin/clamdscan --fdpass --multiscan ${lib.escapeShellArgs onAccessPaths}";
+        ExecStart = "${pkgs.clamav}/bin/clamdscan --verbose --multiscan --move=/quarantine ${lib.escapeShellArgs onAccessPaths}";
         User = "clamav";
         Group = "clamav";
         SupplementaryGroups = [ "users" ];