Added clamav notes to the knowledge base

knowledge base/clamav.md

@@ -0,0 +1,53 @@
+# ClamAV
+
+## TL;DR
+
+```shell
+# manually update the virus definitions
+# do it once **before** starting a scan or the daemon
+# the definitions updater deamon must be stopped to avoid complaints from it
+sudo systemctl stop clamav-freshclam \
+  && sudo freshclam \
+  && sudo systemctl enable --now clamav-freshclam
+
+# scan a file or directory
+clamscan path/to/file
+clamscan --recursive path/to/dir
+
+# only return specific files
+clamscan --infected /home/
+clamscan --suppress-ok-results Downloads/
+
+# save results to file
+clamscan --bell -i -r /home -l output.txt
+
+# scan files in a list
+clamscan -i -f /tmp/scan.list
+
+# remove infected files
+clamscan -r --remove /home/user
+clamscan -r -i --move=/home/user/infected /home/
+
+# limit cpu usage
+nice -n 15 clamscan && clamscan --bell -i -r /home
+
+# use multiple threads
+```
+
+## Gotchas
+
+- The `--fdpass` option of `clamdscan` (notice the _d_ in the command) sends a file descriptor to clamd rather than a path name, avoiding the need for the `clamav` user to be able to read everyone's files
+- `clamscan` is designed to be single-threaded, so when scanning a file or directory from the command line only a single CPU thread is used; use `xargs` or another executor to run a scan in parallel:
+
+  ```shell
+  find . -type f -printf "'%p' " | xargs -P $(nproc) -n 1 clamscan
+  find . -type f | parallel --group --jobs 0 -d '\n' clamscan {}
+  ```
+
+## Further readings
+
+- [Install ClamAV on Fedora Linux 35]
+- [Gentoo Wiki]
+
+[gentoo wiki]: https://wiki.gentoo.org/wiki/ClamAV
+[install clamav on fedora linux 35]: https://www.linuxcapable.com/how-to-install-clamav-on-fedora-35/