ClamAV Pack
Local malware-scan capability pack. By-value cli connector composition (service_kind=cli): the ClamAV daemon client `clamdscan` scanning a data.file.received record's bytes, via the file.scan catalog operation. The file_ref's bytes are materialized to an engine-managed throwaway temp file, scanned by the local clamd, and the temp file removed in a finally (input_materialize) — no bytes ever flow through op-step values, and no content leaves the machine. The op returns the scanner EXIT CODE only (0 = clean, 1 = infected, 2+ = scan error → the executor rejects and the verdict is left unwritten); the verdict is read from the exit code, never stdout. read-tier / approval=never so a reactive scan runs unattended; the op is cli-kind so it is NEVER an MCP/door tool — only a recipe can invoke it, and only over warehouse file_refs (never an arbitrary host path). PREREQUISITE: install ClamAV and run the clamd daemon — macOS: `brew install clamav` then `freshclam` + run `clamd`; Debian/Ubuntu: `apt install clamav-daemon clamav-freshclam` then `systemctl start clamav-daemon`; Windows: install ClamAV and run the ClamD service. `--fdpass` passes the file descriptor to clamd so it can read the engine temp file even when clamd runs as a different user (Unix socket); a TCP clamd needs read access to the temp dir instead. Drives the ClamAV Scan workflow pack (clamav-scan), which auto-scans every inbound reception drop. A zero-install Windows-Defender variant (`MpCmdRun.exe -Scan -ScanType 3 -File {target} -DisableRemediation`) can be authored the same way (a cli ingredient + a file.scan op with success_codes [0,2]).
What this pack installs
- clamav Ingredient
Trust & control
What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.