Antivirus as a thing is mostly dead, or has morphed into more aggressive endpoint protection. In that sense ClamAV is mostly to scan for known malware in things like mail servers. Make sure people aren’t sending malicious stuff, albeit mostly low hanging fruit.
Nextcloud, wikis, or other similar aggregation sites are also a usecase, but again low hanging fruit.
Set up a cron job and have it run periodically, like once an hour / day / week, whatever. Make sure you set up something that alerts you if/when it hits on something.
Most countries give customs and border agents broad latitude to do stuff like that. I’ve had it happen in Vietnam, the US, and Turkey, among others.
Burners, all the way