--- etc/clamd.conf.macports
+++ etc/clamd.conf.macports	2023-12-09 13:14:35
@@ -5,13 +5,13 @@
 
 
 # Comment or remove the line below.
-Example
+#Example
 
 # Uncomment this option to enable logging.
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
-#LogFile /tmp/clamd.log
+LogFile @PREFIX@/var/log/clamav/clamd.log
 
 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
@@ -28,7 +28,7 @@
 # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
 # rotation (the LogRotate option) will always be enabled.
 # Default: 1M
-#LogFileMaxSize 2M
+LogFileMaxSize 2M
 
 # Log time with each message.
 # Default: no
@@ -66,7 +66,7 @@
 
 # Log additional information about the infected file, such as its
 # size and hash, together with the virus name.
-#ExtendedDetectionInfo yes
+ExtendedDetectionInfo yes
 
 # This option allows you to save a process identifier of the listening
 # daemon.
@@ -74,7 +74,7 @@
 # It is recommended that the directory where this file is stored is
 # also owned by root to keep other users from tampering with it.
 # Default: disabled
-#PidFile /run/clamav/clamd.pid
+PidFile @PREFIX@/var/run/clamav/clamd.pid
 
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
@@ -98,8 +98,7 @@
 
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
-#LocalSocket /run/clamav/clamd.sock
-#LocalSocket /tmp/clamd.sock
+LocalSocket @PREFIX@/var/run/clamav/clamd.socket
 
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
@@ -146,7 +145,7 @@
 
 # Maximum number of threads running at the same time.
 # Default: 10
-#MaxThreads 20
+MaxThreads 6
 
 # Waiting for data from a client socket will timeout after this time (seconds).
 # Default: 120
@@ -185,9 +184,107 @@
 #ExcludePath ^/proc/
 #ExcludePath ^/sys/
 
+# BRE regex References:
+# https://www.clamav.net/documents/phishsigs#Introduction-to-regular
+# https://forum.netgate.com/topic/102819/alternate-definitions-for-clamav/10
+# http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
+
+# Exclude these attached volumes that `CrossFilesystems` doesn't prevent
+
+# Exclude all attached volumes
+#ExcludePath ^/Volumes/
+
+# Exclude every volume that's not named /Volumes/Macintosh HD/
+# Note: Use with `FollowDirectorySymlinks no`. The default is this directory
+# is a symlink, and will not be scanned; otherwise scan if it's an attached volume
+ExcludePath ^/Volumes/([^M]|M([^a]|a([^c]|c([^i]|i([^n]|n([^t]|t([^o]|o([^s]|s([^h]|h([^ ]|[ ]([^H]|H([^D]|D([^/])|$)|$)|$)|$)|$)|$)|$)|$)|$)|$)|$))[^/]{0,240}/
+
+ExcludePath ^/Network/
+ExcludePath ^/Quarantine/
+ExcludePath ^/opt/Quarantine/
+ExcludePath ^/dev/
+ExcludePath /.dbfseventsd$
+# macOS SIP https://support.apple.com/en-us/HT204899
+# ls -leOd /*  | grep restricted
+ExcludePath ^/System/
+ExcludePath ^/bin/
+ExcludePath ^/etc/
+ExcludePath ^/sbin/
+ExcludePath ^/tmp/
+ExcludePath ^/usr/
+ExcludePath ^/var/
+# ls -leOd /usr/* | grep restricted | perl -lane 'chomp; s/.+\/usr\/(.+)/$1/; print "ExcludePath ^/usr/$_/";'
+ExcludePath ^/usr/X11/
+ExcludePath ^/usr/X11R6/
+ExcludePath ^/usr/bin/
+ExcludePath ^/usr/lib/
+ExcludePath ^/usr/libexec/
+ExcludePath ^/usr/sbin/
+ExcludePath ^/usr/share/
+ExcludePath ^/usr/standalone/
+# ls -leOd /Applications/* | grep restricted | perl -lane 'chomp; s/.+\/Applications\/(.+\.app)/$1/; print "ExcludePath ^/Applications/$_/";'
+ExcludePath ^/Applications/App Store.app/
+ExcludePath ^/Applications/Automator.app/
+ExcludePath ^/Applications/Books.app/
+ExcludePath ^/Applications/Calculator.app/
+ExcludePath ^/Applications/Calendar.app/
+ExcludePath ^/Applications/Chess.app/
+ExcludePath ^/Applications/Contacts.app/
+ExcludePath ^/Applications/Dashboard.app/
+ExcludePath ^/Applications/Dictionary.app/
+ExcludePath ^/Applications/FaceTime.app/
+ExcludePath ^/Applications/Font Book.app/
+ExcludePath ^/Applications/Home.app/
+ExcludePath ^/Applications/Image Capture.app/
+ExcludePath ^/Applications/Launchpad.app/
+ExcludePath ^/Applications/Mail.app/
+ExcludePath ^/Applications/Maps.app/
+ExcludePath ^/Applications/Messages.app/
+ExcludePath ^/Applications/Mission Control.app/
+ExcludePath ^/Applications/News.app/
+ExcludePath ^/Applications/Notes.app/
+ExcludePath ^/Applications/Photo Booth.app/
+ExcludePath ^/Applications/Photos.app/
+ExcludePath ^/Applications/Preview.app/
+ExcludePath ^/Applications/QuickTime Player.app/
+ExcludePath ^/Applications/Reminders.app/
+ExcludePath ^/Applications/Safari.app/
+ExcludePath ^/Applications/Siri.app/
+ExcludePath ^/Applications/Stickies.app/
+ExcludePath ^/Applications/Stocks.app/
+ExcludePath ^/Applications/System Preferences.app/
+ExcludePath ^/Applications/TextEdit.app/
+ExcludePath ^/Applications/Time Machine.app/
+ExcludePath ^/Applications/VoiceMemos.app/
+ExcludePath ^/Applications/iTunes.app/
+# ls -leOd /Applications/Utilities/* | grep restricted | perl -lane 'chomp; s/.+\/Applications\/(.+\.app)/$1/; print "ExcludePath ^/Applications/$_/";'
+ExcludePath ^/Applications/Utilities/Activity Monitor.app/
+ExcludePath ^/Applications/Utilities/AirPort Utility.app/
+ExcludePath ^/Applications/Utilities/Audio MIDI Setup.app/
+ExcludePath ^/Applications/Utilities/Bluetooth File Exchange.app/
+ExcludePath ^/Applications/Utilities/Boot Camp Assistant.app/
+ExcludePath ^/Applications/Utilities/ColorSync Utility.app/
+ExcludePath ^/Applications/Utilities/Console.app/
+ExcludePath ^/Applications/Utilities/Digital Color Meter.app/
+ExcludePath ^/Applications/Utilities/Disk Utility.app/
+ExcludePath ^/Applications/Utilities/Grapher.app/
+ExcludePath ^/Applications/Utilities/Keychain Access.app/
+ExcludePath ^/Applications/Utilities/Migration Assistant.app/
+ExcludePath ^/Applications/Utilities/Screenshot.app/
+ExcludePath ^/Applications/Utilities/Script Editor.app/
+ExcludePath ^/Applications/Utilities/System Information.app/
+ExcludePath ^/Applications/Utilities/Terminal.app/
+ExcludePath ^/Applications/Utilities/VoiceOver Utility.app/
+
+# exclude these local package directories that have detectable signatures
+# snort
+ExcludePath ^/usr/local/etc/snort/rules/
+# rspamd
+ExcludePath ^@PREFIX@/var/macports/distfiles/rspamd/
+
 # Maximum depth directories are scanned at.
 # Default: 15
-#MaxDirectoryRecursion 20
+MaxDirectoryRecursion 30
 
 # Follow directory symlinks.
 # Default: no
@@ -231,7 +328,7 @@
 
 # Don't fork into background.
 # Default: no
-#Foreground yes
+Foreground yes
 
 # Enable debug messages in libclamav.
 # Default: no
@@ -255,7 +352,7 @@
 
 # Detect Possibly Unwanted Applications.
 # Default: no
-#DetectPUA yes
+DetectPUA yes
 
 # Exclude a specific PUA category. This directive can be used multiple times.
 # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
@@ -270,6 +367,11 @@
 #IncludePUA Spy
 #IncludePUA Scanner
 #IncludePUA RAT
+
+IncludePUA RAT
+IncludePUA Spy
+IncludePUA Server
+IncludePUA Script
 
 # This option causes memory or nested map scans to dump the content to disk.
 # If you turn on this option, more data is written to disk and is available