{
  den.aspects = {
    clamav = {
      nixos =
      { pkgs, ... }:
      {
        environment.systemPackages = [
          pkgs.clamav
        ];
        services.clamav = {
          daemon = {
            enable = true;
            settings = {
              # logging & performance
              LogFile = "/var/log/clamav/clamd.log";
              LogTime = true;
              LogVerbose = false;
              ExtendedDetectionInfo = true;
              PidFile = "/run/clamav/clamd.pid";
              TemporaryDirectory = "/tmp";
              LocalSocket = "/run/clamav/clamd.ctl";
              # scanning limits
              MaxScanSize = "100M";
              MaxFileSize = "100M";
              MaxRecursion = 16;
              MaxFiles = 10000;
              StreamMaxLength = "25M";
              # heuristics & security
              HeuristicAlerts = true;
              StructuredDataDetection = false;
              ScanPE = true;
              ScanELF = true;
              ScanOLE2 = true;
              ScanPDF = true;
              ScanHTML = true;
              ScanArchive = true;
              # anti phishing
              AlertPhishingSSLMismatch = true;
              AlertPhishingCloak = true;
              DetectPUA = true;
              # bytecode
              Bytecode = true;
              BytecodeSecurity = "Paranoid";
              BytecodeTimeout = 60000;
              # real-time protection
              # ScanOnAccess = true;
              # OnAccessPrevention = true;
              # OnAccessExtraScanning = true;
              # OnAccessExcludeUname = "clamav"; # prevent loop
              # OnAccessIncludePath = [
              #   "/home"
              #   "/tmp"
              # ];
            };
          };
          updater = {
            enable = true;
            interval = "daily";
          };
        };
      };
    };
  };
}