diff --git a/modules/networking/firewall.nix b/modules/networking/firewall.nix
index 355a5c5..b70fc6e 100644
--- a/modules/networking/firewall.nix
+++ b/modules/networking/firewall.nix
@@ -9,5 +9,13 @@
 allowedTCPPorts = [ 53 80 443 ];
 allowedUDPPorts = [ 53 443 ];
 };
+ extraCommands = ''
+ # Accept HTTPS from podman network
+ ${pkgs.nftables}/bin/nft add rule inet filter input ip saddr 10.89.0.0/16 tcp dport 443 ct state new,established accept || true
+ ${pkgs.nftables}/bin/nft add rule inet filter input ip saddr 192.168.11.0/24 tcp dport 443 ct state new,established accept || true
+ ${pkgs.nftables}/bin/nft add rule inet filter input ip saddr 192.168.27.0/24 tcp dport 443 ct state new,established accept || true
+ # Accept established responses
+ ${pkgs.nftables}/bin/nft add rule inet filter input ct state established,related accept || true
+ '';
 };
 }
\ No newline at end of file
diff --git a/modules/services/clamav.nix b/modules/services/clamav.nix
index e69de29..3ea4883 100644
--- a/modules/services/clamav.nix
+++ b/modules/services/clamav.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+{
+environment.systemPackages = [ pkgs.clamav pkgs.curl ];
+
+services.clamav = {
+ updater.enable = true;
+ daemon.enable = true;
+
+ scanner = {
+ enable = true;
+ interval = "*-*-* 04:00:00"; # Everyday at 4am
+ scanDirectories = [
+ "/etc"
+ "/home"
+ "/var/lib"
+ "/var/tmp"
+ "/tmp"
+ ];
+ };
+
+
+ clamonacc.enable = true;
+
+ daemon.settings = {
+ OnAccessPrevention = true;
+ OnAccessIncludePath = "/mnt/data";
+ };
+};
+
+services.clamav.daemon.enable = true;
+services.clamav.updater.enable = true;
+services.clamav.clamonacc.enable = true;
+}
\ No newline at end of file
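Review bot: Every nft call in the new extraCommands block ends in `|| true`, so if the `inet filter` table or its `input` chain does not exist the rules are dropped silently and the host runs a different policy than this file suggests; the NixOS nftables firewall manages its own table (`inet nixos-fw` as far as I know), and nothing in this diff creates a `filter` table, so that is likely the outcome here. Since 443 is already in `allowedTCPPorts` in the context lines, the three source-restricted accept rules do not narrow access at all, and the trailing `ct state established,related accept` duplicates what the generated firewall already installs. If the intent is to limit HTTPS to those networks, remove 443 from `allowedTCPPorts` and express the rule once through the firewall's own option, e.g. `extraInputRules = ''` / `  ip saddr { 10.89.0.0/16, 192.168.11.0/24, 192.168.27.0/24 } tcp dport 443 accept` / `'';`, without the `|| true` so a rejected rule fails activation instead of vanishing. The enclosing `networking.firewall` attribute set begins above this hunk.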
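Review bot: The three trailing lines `services.clamav.daemon.enable = true;`, `services.clamav.updater.enable = true;` and `services.clamav.clamonacc.enable = true;` redefine attribute paths that are already set inside the `services.clamav = { ... }` set above, which Nix reports as "attribute already defined" rather than merging, so the module most likely does not evaluate; delete the three trailing lines. With `OnAccessPrevention = true` every open under `/mnt/data` blocks until clamd answers, so it is worth confirming that the clamav user is excluded from on-access scanning (clamd's `OnAccessExcludeUname`), since a scanner that intercepts its own reads can stall; I could not tell from this diff whether the NixOS module sets that. As a point of style, the top-level attributes are at column 0 inside the module's braces, there is a doubled blank line before `clamonacc.enable`, and `pkgs.curl` in `environment.systemPackages` has no apparent relation to this module and could be dropped or justified with a comment.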