As we all know Moodle supports clam antivirus. However that support only actually works for *nix servers. I tried setting up clamscan on windows with IIS and here are my findings:
1. clamscan as installed by clamwin distribution does not work from command line since it can not find location to the database files. That location is usually defined in freshclam.conf or can be passed to the clamscan with parameter --database. clamscan contemplates configuration directory based on CONFDIR define in source code. That value is set based on the operating system. In windows build it is set explicitly to "." which means current directory.
2. IIS sets value of the current directory for server side scripts based on the current location of the script itself.
This means that every php file that want's to execute clamscan must have freshclam.conf in the same folder for the execution to work.
So when moodle executes clamscan we get the message that it can not find the antivirus databases.
The most appropriate solution for this problem would be adding additional option to the antivirus configuration where user can actually specify location of antivirus database and such option cxan later be used to be passed to clamscan with --database parameter.
Alternative to this is having freshclam.conf in every place that some script invokes clamscan which is far too cumbersome.