Post your traur scan output and discuss here

It installs a pacman hook, so it hooks itself into the pre-install part of the process.

Do you need an electron-based (basically an embedded web-browser) gui for clamav?

The cli tool is in the repos.

Electron 17 is ancient. It went out of support in 2022.

There is no way I would install that.

installed clamav from /extra and after install I typed clamav into terminal. Nothing. I typed clam and it wasn’t even in menu. I thought “do I really have to reboot for clam? I don’t have time for this” so I uninstalled it…

I was going to say RTFM! Ooops, I just did, sorry :sweat_smile:

Traur also considers the Maldet tool as “Sketchy.”

After the recent AUR Troubles my current paranoia level is Moderate so I’m just trying to get a scan done but I’m beating my head against wall instead… :roll_eyes:

edit: did install /extra clamtk but I scanned /home and it was over in like 1/10th of a second and I thought “you got to be kidding this is a joke.” 1/10th? Really?

The command should be clamscan -r <path> right?
And I think for the first time, need to update database using sudo freshclam command.

eureka! it’s going to town now.

these things were not apparent when I did a clamav --help so next time I must rtfm :slight_smile:

thanks @dirn !

You’re welcome :slight_smile:

Did you do a sudo freshclam first to update the creepware definitions before unleashing it on the town?

I couldn’t help it so here it is, the Fine manual:

also @dirn

followup:

took about an hour. this app has changed since I last used it.

Some peace of mind.

[MODS: Off-topic, sorry]

Was previously running maldet but traur seems more apropos to the current situation and a “nice to have” going forward, thanks. Did find one concerning hit in my traur scan as well…

traur: xwaylandvideobridge (trust: 68/100)
Trust: OK
Negative signals:
P-CHECKSUM-MISMATCH: checksum count mismatch: source has 1 entries but sha256sums has 2
M-OUT-OF-DATE: Package is flagged as out of date
B-SUBMITTER-CHANGED: Package maintainer (expresso) differs from original submitter (arojas)
! B-ORPHAN-TAKEOVER: Adopted package with new git author (CloverGit) — orphan takeover pattern
T-AUTHOR-CHANGE: Git history shows multiple different authors

Going back to the source on this one shows the original author sunsetted this package (https://invent.kde.org/sysadmin/repo-metadata/-/work_items/23#note_1129452). It’s no longer needed. Fortunately, my version of the package hasn’t updated since December. The “-git” version, however, did update last April. While my package does not appear compromised, it looks like a good candidate to compromise.

Not seeing anything in the PKGBUILD that looks out of sorts (https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=xwaylandvideobridge). Even so, uninstalled from my machine so, good pickup from traur.
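
For triaging a long scan like the ones posted in this thread, here is an added example (not part of any post above and not traur's own code) that parses the text output and lists the packages worth reading by hand. The function names are hypothetical, the sample lines are copied from the output in this thread, and treating a leading `!` as traur's marker for a signal needing attention is an assumption drawn from the output's layout.

```python
import re

# Sample lines copied from scan output posted in this thread; indentation
# differs between posts, so the parser strips leading whitespace.
SAMPLE = """\
traur: xwaylandvideobridge (trust: 68/100)
Trust: OK
Negative signals:
P-CHECKSUM-MISMATCH: checksum count mismatch: source has 1 entries but sha256sums has 2
M-OUT-OF-DATE: Package is flagged as out of date
B-SUBMITTER-CHANGED: Package maintainer (expresso) differs from original submitter (arojas)
! B-ORPHAN-TAKEOVER: Adopted package with new git author (CloverGit) — orphan takeover pattern
T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: traur (trust: 77/100)
  Trust: OK
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

traur: mpdris2 (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.
"""

HEADER = re.compile(r"^traur: (\S+) \(trust: (\d+)/100\)$")
SIGNAL = re.compile(r"^(! )?([A-Z]-[A-Z0-9-]+): (.*)$")  # assumed: "! " = flagged

def parse_scan(text):
    """Return one dict per package: name, score, verdict, signals."""
    packages = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            packages.append({"name": m[1], "score": int(m[2]), "verdict": None, "signals": []})
        elif packages and line.startswith("Trust: "):
            packages[-1]["verdict"] = line[len("Trust: "):]
        elif packages and (m := SIGNAL.match(line)):
            packages[-1]["signals"].append({"id": m[2], "flagged": bool(m[1]), "detail": m[3]})
    return packages

def review_queue(packages, watch=("B-ORPHAN-TAKEOVER",)):
    """Packages with any '!' signal or a watched signal id, lowest score first."""
    hits = [p for p in packages
            if any(s["flagged"] or s["id"] in watch for s in p["signals"])]
    return sorted(hits, key=lambda p: p["score"])

if __name__ == "__main__":
    for p in review_queue(parse_scan(SAMPLE)):
        print(p["name"], p["score"], p["verdict"], [s["id"] for s in p["signals"] if s["flagged"]])
```

Pass extra signal ids in `watch` to widen the queue, for example `T-DIFF-SOURCE-DOMAIN-CHANGED`, which also appears in this thread's output.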

Here’s mine:

~ ❯ traur scan                                      
zsh: correct 'traur' to 'true' [nyae]? n
  Fetching package metadata for 14 installed packages...
  Skipping 3 not on AUR: python-pywlroots, traur-debug, wlroots0.17
Scanning 11 AUR packages...
  Fetching maintainer data for 11 unique maintainers...

=== traur scan results ===
  Scanned: 11 packages (0 errors)
  TRUSTED: 8  OK: 3  SKETCHY: 0  SUSPICIOUS: 0  MALICIOUS: 0

=== 11 packages ===

traur: traur (trust: 77/100)
  Trust: OK
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

traur: flat-remix-gtk (trust: 77/100)
  Trust: OK
  Negative signals:
       P-SKIP-ALL: All checksums are SKIP (no integrity verification)
       B-MAINTAINER-SINGLE: Maintainer has only 1 package
       B-SUBMITTER-CHANGED: Package maintainer (AurelienDuval6) differs from original submitter (daniruiz)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: hyphen-pl (trust: 80/100)
  Trust: OK
  Negative signals:
       P-WEAK-CHECKSUMS: Using weak checksums (md5/sha1) without stronger alternative
       M-VOTES-LOW: Package has very few votes (4)
       B-SUBMITTER-CHANGED: Package maintainer (jack8472) differs from original submitter (xyproto)
       T-AUTHOR-CHANGE: Git history shows multiple different authors
     ! T-DIFF-SOURCE-DOMAIN-CHANGED: Source URLs changed to new domain(s): raw.githubusercontent.com

traur: mp3gain (trust: 81/100)
  Trust: TRUSTED
  Negative signals:
       P-HTTP-SOURCE: Plain HTTP source URL (no TLS, MITM risk)
       P-WEAK-CHECKSUMS: Using weak checksums (md5/sha1) without stronger alternative
       B-SUBMITTER-CHANGED: Package maintainer (rtfm3514) differs from original submitter (Barthalion)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: zaread-git (trust: 86/100)
  Trust: TRUSTED
  Negative signals:
       B-MAINTAINER-SINGLE: Maintainer has only 1 package
       B-SUBMITTER-CHANGED: Package maintainer (riven04) differs from original submitter (TheOPtimal)
       T-AUTHOR-CHANGE: Git history shows multiple different authors
       T-DIFF-MAJOR-REWRITE: 56% of PKGBUILD lines changed (unusual for version bump)

traur: rdrview-git (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (4)
       B-SUBMITTER-CHANGED: Package maintainer (parkerlreed) differs from original submitter (vesath)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: ttf-noto-emoji-monochrome (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-MAINTAINER-SINGLE: Maintainer has only 1 package
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: ranger-git (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: butt-appimage (trust: 97/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (2)

traur: mpdris2 (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: googledot-cursor-theme (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

Guess I’ll post mine. I suppose I could just create a webapp for Spotify but I think it’s safe.

=== traur scan results ===
Scanned: 19 packages (0 errors)
TRUSTED: 17 OK: 2 SKETCHY: 0 SUSPICIOUS: 0 MALICIOUS: 0

=== 19 packages ===

traur: spotify (trust: 74/100)
Trust: OK
Negative signals:
P-HTTP-SOURCE: Plain HTTP source URL (no TLS, MITM risk)
P-CHECKSUM-MISMATCH: checksum count mismatch: source has 11 entries but sha512sums has 7
B-SUBMITTER-CHANGED: Package maintainer (gromit) differs from original submitter (Foxboron)
T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: traur-bin (trust: 77/100)
Trust: OK
Negative signals:
! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

traur: heroic-games-launcher-bin (trust: 85/100)
Trust: TRUSTED
Negative signals:
B-SUBMITTER-CHANGED: Package maintainer (flaviofearn) differs from original submitter (cwrau)
T-AUTHOR-CHANGE: Git history shows multiple different authors
! B-BIN-DOMAIN-MISMATCH: -bin package upstream is heroicgameslauncher.com but source downloads from github.com

traur: popsicle-bin (trust: 89/100)
Trust: TRUSTED
Negative signals:
M-VOTES-LOW: Package has very few votes (2)
B-SUBMITTER-CHANGED: Package maintainer (sandboiii) differs from original submitter (coolshaurya)
T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: chromium-widevine (trust: 92/100)
Trust: TRUSTED
Negative signals:
B-SUBMITTER-CHANGED: Package maintainer (envolution) differs from original submitter (Scimmia)
T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: python-inputs (trust: 92/100)
Trust: TRUSTED
Negative signals:
B-SUBMITTER-CHANGED: Package maintainer (yochananmarqos) differs from original submitter (majorx234)
T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: gnu-netcat (trust: 96/100)
Trust: TRUSTED
Negative signals:
T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: ookla-speedtest-bin (trust: 96/100)
Trust: TRUSTED
Negative signals:
B-MAINTAINER-SINGLE: Maintainer has only 1 package

traur: ttf-ms-fonts (trust: 96/100)
Trust: TRUSTED
Negative signals:
T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: standardnotes-bin (trust: 96/100)
Trust: TRUSTED
Negative signals:
B-SUBMITTER-CHANGED: Package maintainer (dataprolet) differs from original submitter (plague-doctor)

traur: zen-browser-bin (trust: 96/100)
Trust: TRUSTED
Negative signals:
B-SUBMITTER-CHANGED: Package maintainer (Larvey) differs from original submitter (ptr1337)

traur: openrgb-plugin-effects-git (trust: 97/100)
Trust: TRUSTED
Negative signals:
M-VOTES-LOW: Package has very few votes (2)

traur: openrgb-plugin-hardware-sync-git (trust: 97/100)
Trust: TRUSTED
Negative signals:
M-VOTES-LOW: Package has very few votes (1)

traur: proton-meet-bin (trust: 97/100)
Trust: TRUSTED
Negative signals:
M-VOTES-LOW: Package has very few votes (4)

traur: proton-pass-bin (trust: 100/100)
Trust: TRUSTED
No negative signals found.

traur: protonup-qt (trust: 100/100)
Trust: TRUSTED
No negative signals found.

traur: pacseek (trust: 100/100)
Trust: TRUSTED
No negative signals found.

traur: ventoy-bin (trust: 100/100)
Trust: TRUSTED
No negative signals found.

traur: python-steam (trust: 100/100)
Trust: TRUSTED
No negative signals found.
[jk_mooney@jkmooney-ms7c96 ~]$

Sudo -S clamtk . . . .

Clamtk works if it has any value. . .

Rich :wink:

I did try this and its GUI. When it scanned all of /home in 1/10th of a second I knew something was wrong (me or them). It should have taken 1-2 hours. So I uninstalled it and moved on. It has value. thank you. I was too stupid to operate it at the moment.

How come everyone else’s Ventoy is “sketchy” and yours is “Top Shelf”? :slight_smile:

Not sure. I installed “ventoy-bin”. There is a “ventoy” on the AUR that’s a slightly later release but the PKGBUILD looks “complex” and even the author calls it a “Packaging nightmare”.