If they are all hosting the same instance of moodle / moodledata, the other way around it would be to centralise your moodledata path to one server (well, two clustered) - then just run clamav on one (the way I've seen some installations use one central database cluster with multiple web servers). Unless anyone beyond admins have FTP or SSH access to your web servers, and is not using a development station with up to date antivirus on, that should do it.
Security and privacy
ClamAV server
This discussion has been locked so you can no longer reply to it.