diff --git a/modules/mail/clamav.nix b/modules/mail/clamav.nix index bfb8d45..a4c99bc 100644 --- a/modules/mail/clamav.nix +++ b/modules/mail/clamav.nix @@ -21,6 +21,9 @@ let # --- Real-time / VirusEvent Mode --- SUBJECT="Numbus Server Alert: Virus Detected (Real-time)" + # Retrieve logs from clamav-daemon + LOGS=$(journalctl -u clamav-daemon.service -n 50 --no-pager | grep "FOUND") + TECH_BODY=" ClamAV Real-time Alert: Server owner: $OWNER_NAME @@ -28,6 +31,9 @@ let Virus detected: $CLAM_VIRUSEVENT_VIRUSNAME File: $CLAM_VIRUSEVENT_FILENAME + Logs: + $LOGS + Action taken: Access blocked (OnAccessPrevention). Please investigate manually. " diff --git a/modules/services/clamav.nix b/modules/services/clamav.nix index c3d7d24..c481f61 100644 --- a/modules/services/clamav.nix +++ b/modules/services/clamav.nix @@ -7,6 +7,14 @@ let onAccessPaths = lib.mapAttrsToList (n: v: v.dataDir) (lib.filterAttrs (n: v: v ? enable && v.enable && v ? dataDir && v.dataDir != null && v.dataDir != false ) config.numbus.services); + clamonacc_virus_notifier = pkgs.writeScript "clamonacc_virus_notifier.sh" '' + #!${pkgs.bash}/bin/bash + + echo "CLAM_VIRUSEVENT_VIRUSNAME=\"$CLAM_VIRUSEVENT_VIRUSNAME\"" > /var/lib/clamav/virus_event.env + echo "CLAM_VIRUSEVENT_FILENAME=\"$CLAM_VIRUSEVENT_FILENAME\"" >> /var/lib/clamav/virus_event.env + + /run/wrappers/bin/sudo /run/current-system/sw/bin/systemctl start clamav-virus-notify.service + ''; in { @@ -46,7 +54,7 @@ in settings = { OnAccessPrevention = true; OnAccessIncludePath = onAccessPaths; - VirusEvent = "/run/current-system/sw/bin/systemctl start clamav-virus-notify.service"; + VirusEvent = "${clamonacc_virus_notifier}"; }; }; };
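Review bot: The added `LOGS=` assignment in the real-time branch is not tied to the event being reported, because `-n 50 … | grep "FOUND"` returns every detection in the last 50 journal lines, so the mail can carry stale entries or miss the current one on a busy daemon. `grep` also exits 1 when nothing matches, which would abort the script if it runs under `set -e` (the script header is outside this hunk). Consider bounding by time and matching the reported file: `LOGS=$(journalctl -u clamav-daemon.service --since "-5min" --no-pager | grep -F -- "$CLAM_VIRUSEVENT_FILENAME" || true)`. The matched lines contain file names chosen by whoever wrote the file, so they should only ever reach the plain-text body, never a mail header or a shell.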
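Review bot: `CLAM_VIRUSEVENT_FILENAME` is chosen by whoever wrote the file into a scanned data directory, and the two `echo` lines in `clamonacc_virus_notifier` write it to `/var/lib/clamav/virus_event.env` inside plain double quotes, so a name containing a quote, a command substitution or a newline can break out of the assignment when that file is read back. How `clamav-virus-notify.service` consumes the file is not visible in this diff; if it sources it with bash, write the values with `printf 'CLAM_VIRUSEVENT_FILENAME=%q\n' "$CLAM_VIRUSEVENT_FILENAME"` (and likewise for the virus name), and if it is an `EnvironmentFile=`, reject or strip quotes, backslashes and newlines first. The single fixed path also means two detections close together overwrite each other's values before the unit runs; writing a temporary file and renaming it, or using a per-event file, would avoid that. The `sudo systemctl start` call relies on a sudoers rule outside this diff, which should permit only this exact command for the user the script runs as.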