Switch from clamscan to clamd + clamdscan --multiscan

clamscan single-threaded scans were the LS26 bottleneck. Daemon mode
parallelises across MaxThreads=8 and only loads signatures once.

- Add clamav-daemon + clamav-clamdscan packages.
- start.sh::start_clamd waits up to 60s for /tmp/clamd.sock.
- New clamd.conf: MaxThreads 8, DetectPUA, AlertOLE2Macros,
  ExcludePath ^/data/(proc|sys|dev|run)/, log to /tmp/clamd.log.
- Drop final USER user so clamd can own its socket as clamav.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Dockerfile

@@ -14,20 +14,16 @@ FROM alpine
 ARG PUID=1001
 ARG PGID=1001
 MAINTAINER tabledevil
-RUN apk add -u --no-cache clamav bash clamav-libunrar 
+RUN apk add -u --no-cache clamav clamav-daemon clamav-clamdscan bash clamav-libunrar
 COPY --from=builder /var/lib/clamav /var/lib/clamav
-#add startscript
+ADD clamd.conf /etc/clamav/clamd.conf
 ADD start.sh /start.sh
 RUN chmod +x /start.sh
-#customize clamav config
-RUN sed -ie 's/#DetectPUA yes/DetectPUA yes/p' /etc/clamav/clamd.conf
-RUN sed -ie 's/#AlertOLE2Macros yes/AlertOLE2Macros yes/p' /etc/clamav/clamd.conf
-#
 RUN chown root /usr/bin/freshclam
 RUN chmod u+s /usr/bin/freshclam
-#add user
+RUN mkdir -p /tmp && chown clamav:clamav /tmp
 RUN addgroup -g ${PGID} user && \
-    adduser -D -u ${PUID} -G user user
+    adduser -D -u ${PUID} -G user user && \
+    adduser user clamav
 ENTRYPOINT ["/start.sh"]
 CMD ["shell"]
-USER user