teoberi - I beleive it is necessary to open TCP ports to get clamdscan to work. An online portscanner report all my ports closed (nice) and I will stay with that.
But I see I mistook freshclam (that i did not know would run as daemon) with the clamd daemon and thought that with a running clamd and the lines "OnAccessIncludePath /home/freddy" and "OnAccessPrevention yes" added to clamd.conf the freddy directory would be monitored in real time - but unfortunatly not, sorry!
To my excuse I will say clamd.conf is difficult to understand and comments like "the mount point containing the specified directory will be watched" a bit confusing.
The mentioned ClamAV GUI is able to frequently check for fresh databases and do a daily scan of specified folders, where I suspect command line ClamAV might be configured to more frequent scans.
You are right that scanning of pdf's are slow- A clamscan of the 18 Mb AbstractDay.pdf took 3m 21s (the first 1m 22s for loading of databases). I could see the pdf was extracted as six 28 Mb "raw" noname files in the /tmp directory. The clamd.conf can be set to disable unpacking (but not scanning) of pdf's.
My conclusion: Given the ongoing (cyber)war a virusscan from and then is not stupid. I hope and think this new LTS ClamAV just will become more and more polished from now. I also realise I still have a lot to learn - which is good