You could setup a service where a file change in a directory triggers a scan. But in all honesty, a scheduled scan would probably be good enough.
(Links removed)
Thanks ryanvade
This is too technical for a desktop user such as myself.
I run LM17.1 KDE on three old 32 bit machines. On all three machines I had previously set up clamav/clamtk to do what I thought would be real time or on access scanning, but the more I read around about clam, the more I think it just can't do that in any situation on a desktop.
My conclusion is that this software is not meant to be used by everyday desktop users, other than as a manual on demand scanner on specific occasions. It seems to me that virus protection options as per the Windows environment is considered completely unnecessary in the Linux desktop environment, and the only thing a Linux user might consider is manually scanning something sent to a windows environment, just for the sake of that windows environment. More likely, the preferred option would be to forget about viruses altogether, and leave the Windows users to look after their own security.
My current explorations about clamav spring from finding that the installations were causing rogue downloads of tens of megabytes (up to 100MB) every day or two on all three machines. I suspect some system updates contaminated the clamav/tk installations such that they thought they had to download the entire database regularly, but I can't confirm that theory. Removing the installations stopped the rogue downloads, and I am now experimenting with a re-installation on one machine, set to manual update, to see if it behaves. Not sure I will persevere with it, even if it does, given the above considerations.
Cheers