A few questions, since it is unclear from the docs ( Antivirus scanner — Nextcloud latest Administration Manual latest documentation )
Is the background scan (both automatic and the one made on demand with occ ‘files_antivirus:background-scan’) compatible with data encryption, i.e. does NextCloud first perform decryption and then serves actual file content to antivirus (ClamAv) ?
How often automatic background scan is performed?
If you don’t have the master-key enabled, it should be impossible for the server to decrypt the file without the user being logged in. Even with the master key, I don’t really know the limitations if it this one is as well protected with a admin’s password.
That’s perhaps a good point to ask for clarification in the official documentation: GitHub · Where software is built
I suppose it might be just at night, when the long-running background tasks are started. But once all your files are scanned, and then automatically all the newly uploaded files are scanned, so there shouldn’t be a lot running in the background.
However I found this in the documentation:
Files marked as scanned will not be scanned for the next four weeks.
Perhaps also a good point to ask for more clarification in the docs.