Do you have some sort of intrusion detection service running right now? (Wazuh, OSSIM, or one of the paid for solutions?) If you do, between that and the ClamAV, you should be as well protected as you could possibly by. Edit: I should specify to never skimp on user training! KnowB4 is a great tool.