ci: Update ClamAV via personal GitHub token

Author: mvach

.github/workflows/release.yml

@@ -28,12 +28,11 @@ jobs:
       - name: Install system dependencies (keepassxc + clamav)
         run: |
           sudo apt-get update
-          sudo apt-get install -y --no-install-recommends keepassxc clamav clamav-freshclam
-          # Stop the auto-updater to avoid lock contention with manual freshclam
-          sudo systemctl stop clamav-freshclam || true
-          # Attempt DB update; use --stdout to bypass /var/log locking issues
-          sudo freshclam --stdout --verbose || echo "Non-fatal: freshclam update failed or rate-limited; proceeding with packaged DB"
-          echo "ClamAV version:"; clamscan --version || true
+          sudo apt-get install -y --no-install-recommends keepassxc clamav
+          # Update ClamAV signatures using GitHub token to avoid rate limits
+          echo "Updating ClamAV signatures..."
+          sudo freshclam --user-agent="ClamAV-GitHub/${{ github.repository }} (${{ secrets.GITHUB_TOKEN }})" || echo "freshclam failed; using existing signatures"
+          clamscan --version
 
       - name: Run unit tests
         run: go test ./...
@@ -53,7 +52,7 @@ jobs:
       - name: Virus scan dist artifacts
         run: |
           echo "Scanning dist/ with ClamAV..."
-          # clamscan returns 1 if a virus is found, 0 if none found.
+
           clamscan --recursive --infected --verbose dist/ || SCAN_STATUS=$?
           if [ "${SCAN_STATUS:-0}" -eq 1 ]; then
             echo "❌ Virus detected in build artifacts. Aborting publish." >&2