I'll let a CentOS runner respond to your first question.

On Jan 31, 2020, at 21:28, Eduardo Lúcio Amorim Costa via clamav-users <clamav-users@lists.clamav.net> wrote:

I have two questions...

I - What would be a "basic scan" of my file system (Linux, CentOS 7) using clamscan? That is, what parameters should I use and what directories should I scan?
II - Is ClamAV able to deal with "specific" Linux dangers such as rootkits, etc?

With regard to your second question, I would have to guess only partially. There are exactly 31 signatures containing the word "Linux", with 29 of them in main.ndb and main.hdb. The other two are in daily.ldb and would be the only recent additions.

The names are:

Win.Tool.Linux-1, -14, -15

Win.Trojan.Linux-2, -4, -5, -8 thru -13, -16 thru -23, -27 thru -29

Legacy.Trojan.Linux-3

Legacy.Exploit.Linux-6 and -7

Win.Exploit.Linux-24 thru -26

Unix.Trojan.Linux_DDoS_93-2 and -5364119-0

It's anybody's guess what they actually protect against and how to interpret the ones that start with "Win." indicating a Windows signature.

-Al-