diff --git a/host_vars/file-km-neu.anw-km.netz.yml b/host_vars/file-km-neu.anw-km.netz.yml
index c7b4042..e09099d 100644
--- a/host_vars/file-km-neu.anw-km.netz.yml
+++ b/host_vars/file-km-neu.anw-km.netz.yml
@@ -661,6 +661,7 @@ samba_shares:
     group_write_list: a-jur
     file_create_mask: !!str 664
     dir_create_mask: !!str 2775
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: true
@@ -672,6 +673,7 @@ samba_shares:
     group_write_list: kanzlei
     file_create_mask: !!str 664
     dir_create_mask: !!str 2775
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: true
@@ -692,6 +694,7 @@ samba_shares:
     group_write_list: wildvang
     file_create_mask: !!str 660
     dir_create_mask: !!str 2770
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: true
@@ -703,6 +706,7 @@ samba_shares:
 #    group_write_list: aulmann
 #    file_create_mask: !!str 660
 #    dir_create_mask: !!str 2770
+#    vfs_object_virusfilter: true
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'
 #    vfs_object_recycle_is_visible: true
@@ -714,6 +718,7 @@ samba_shares:
 #    group_write_list: howe
 #    file_create_mask: !!str 660
 #    dir_create_mask: !!str 2770
+#    vfs_object_virusfilter: true
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'
 #    vfs_object_recycle_is_visible: true
@@ -725,6 +730,7 @@ samba_shares:
     group_write_list: stahmann
     file_create_mask: !!str 660
     dir_create_mask: !!str 2770
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: true
@@ -736,6 +742,7 @@ samba_shares:
     group_write_list: traine
     file_create_mask: !!str 660
     dir_create_mask: !!str 2770
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: true
@@ -747,6 +754,7 @@ samba_shares:
     group_write_list: public
     file_create_mask: !!str 660
     dir_create_mask: !!str 2770
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: true
@@ -758,6 +766,7 @@ samba_shares:
     group_write_list: advoware
     file_create_mask: !!str 660
     dir_create_mask: !!str 2770
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: true
@@ -769,6 +778,7 @@ samba_shares:
     group_write_list: intern
     file_create_mask: !!str 660
     dir_create_mask: !!str 2770
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: false
@@ -780,6 +790,7 @@ samba_shares:
     group_write_list: alle
     file_create_mask: !!str 660
     dir_create_mask: !!str 2770
+    vfs_object_virusfilter: true
     vfs_object_recycle: true
     recycle_path: '@Recycle'
     vfs_object_recycle_is_visible: true
@@ -791,6 +802,7 @@ samba_shares:
 #    group_write_list: web
 #    file_create_mask: !!str 660
 #    dir_create_mask: !!str 2770
+#    vfs_object_virusfilter: true
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'
 
diff --git a/roles/common/tasks/samba-config-server.yml b/roles/common/tasks/samba-config-server.yml
index d05164b..b4bec05 100644
--- a/roles/common/tasks/samba-config-server.yml
+++ b/roles/common/tasks/samba-config-server.yml
@@ -58,6 +58,43 @@
     - samba-server
     - samba-virusfilter
 
+- name: (samba-install.yml) Check if ClamAV virus databases are present
+  find:
+    paths: /var/lib/clamav
+    patterns:
+      - "*.cvd"
+      - "*.cld"
+  register: clamav_db_files
+  when:
+    - inventory_hostname in groups['samba_server']
+    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
+  tags:
+    - samba-server
+    - samba-virusfilter
+
+- name: (samba-install.yml) Stop clamav-freshclam service before initial database download
+  service:
+    name: clamav-freshclam
+    state: stopped
+  failed_when: false
+  when:
+    - inventory_hostname in groups['samba_server']
+    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
+    - clamav_db_files.files | length == 0
+  tags:
+    - samba-server
+    - samba-virusfilter
+
+- name: (samba-install.yml) Download initial ClamAV virus databases via freshclam
+  command: freshclam
+  when:
+    - inventory_hostname in groups['samba_server']
+    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
+    - clamav_db_files.files | length == 0
+  tags:
+    - samba-server
+    - samba-virusfilter
+
 - name: (samba-install.yml) Ensure clamav-daemon and clamav-freshclam services are enabled
   service:
     name: "{{ item }}"