diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index ca5015ded3e8..ab1d32b911ef 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -39,6 +39,7 @@ in
   cfssl = handleTestOn ["x86_64-linux"] ./cfssl.nix {};
   chromium = (handleTestOn ["x86_64-linux"] ./chromium.nix {}).stable or {};
   cjdns = handleTest ./cjdns.nix {};
+  clamav = handleTest ./clamav.nix {};
   cloud-init = handleTest ./cloud-init.nix {};
   codimd = handleTest ./codimd.nix {};
   containers-bridge = handleTest ./containers-bridge.nix {};
diff --git a/nixos/tests/clamav.nix b/nixos/tests/clamav.nix
new file mode 100644
index 000000000000..84a08bcc49f3
--- /dev/null
+++ b/nixos/tests/clamav.nix
@@ -0,0 +1,37 @@
+import ./make-test.nix ({ pkgs, ... }: let
+
+  eicarTestFile = pkgs.fetchurl {
+    url = "http://2016.eicar.org/download/eicar.com.txt";
+    sha256 = "03zxa7vap2jkqjif4bzcjp33yrnip5yrz2bisia9wj5npwdh4ni7";
+  };
+
+  clamavMain = builtins.fetchurl "http://database.clamav.net/main.cvd";
+  clamavDaily = builtins.fetchurl "http://database.clamav.net/daily.cvd";
+  clamavBytecode = builtins.fetchurl "http://database.clamav.net/bytecode.cvd";
+
+in {
+  name = "clamav";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ fpletz ];
+  };
+
+  nodes.machine = { ... }: {
+    virtualisation.memorySize = 1024;
+
+    services.clamav.daemon.enable = true;
+    systemd.services.clamav-daemon.preStart = ''
+      mkdir -p /var/lib/clamav
+      ln -sf ${clamavMain} /var/lib/clamav/main.cvd
+      ln -sf ${clamavDaily} /var/lib/clamav/daily.cvd
+      ln -sf ${clamavBytecode} /var/lib/clamav/bytecode.cvd
+    '';
+  };
+
+  testScript = ''
+    startAll;
+    $machine->waitForUnit("multi-user.target");
+    $machine->waitForUnit("clamav-daemon.service");
+    $machine->waitForFile("/run/clamav/clamd.ctl");
+    $machine->fail("clamdscan ${eicarTestFile}");
+  '';
+})