diff --git a/docs/roles/debian/clamav.md b/docs/roles/debian/clamav.md index 4e01840ea..6bc18e398 100644 --- a/docs/roles/debian/clamav.md +++ b/docs/roles/debian/clamav.md @@ -11,19 +11,25 @@ This role optionally provides systemd timers for routine scanning if you are not ```yaml --- clamav: - create_timer: false + # wrapper scripts for clamav + scripts: + - location: /usr/local/clamav/script + name: clamscan_daily + exclude_directories: + - /sys/ + scan_location: / + log_name: clamav_daily.log + # scheduled scans, set to an empty dictionary for no timers + timers: + clamav_scan: + timer_command: /usr/local/clamav/script/clamscan_daily # path to clamscan wrapper script, ensure it is defined in clamav.scripts + timer_OnCalendar: "*-*-* 02:30:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events server_name: "{{ inventory_hostname }}" # for identification via email, defaults to Ansible inventory name. - on_calendar: "*-*-* 02:30:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events - scripts_location: /usr/local/clamav/script log_location: /var/log/clamav - log_name: clamav.log send_mail: false # Important: will not send any emails by default. send_on_fail: true # Only sends emails on scan failure, will not email for successful scans. report_recipient_email: mail@example.com report_sender_email: admin@server.example.com - scan_location: / - exclude_directories: - - /sys/ install_clamdscan: false # flag to install additional 'clamdscan' package ``` diff --git a/docs/roles/debian/mysql_server_oracle_ce.md b/docs/roles/debian/mysql_server_oracle_ce.md index 7ee28b24d..38ce85292 100644 --- a/docs/roles/debian/mysql_server_oracle_ce.md +++ b/docs/roles/debian/mysql_server_oracle_ce.md 
@@ -11,6 +11,7 @@ Installs MySQL Server 5.7. mysql_long_query_time: 4 mysql_server_oracle_ce_key: "8C718D3B5072E1F5" # archive key - see https://dev.mysql.com/doc/refman/8.0/en/gpg-key-archived-packages.html mysql_server_oracle_ce_key_server: keyserver.ubuntu.com + ``` diff --git a/roles/debian/clamav/README.md b/roles/debian/clamav/README.md index 4e01840ea..6bc18e398 100644 --- a/roles/debian/clamav/README.md +++ b/roles/debian/clamav/README.md @@ -11,19 +11,25 @@ This role optionally provides systemd timers for routine scanning if you are not ```yaml --- clamav: - create_timer: false + # wrapper scripts for clamav + scripts: + - location: /usr/local/clamav/script + name: clamscan_daily + exclude_directories: + - /sys/ + scan_location: / + log_name: clamav_daily.log + # scheduled scans, set to an empty dictionary for no timers + timers: + clamav_scan: + timer_command: /usr/local/clamav/script/clamscan_daily # path to clamscan wrapper script, ensure it is defined in clamav.scripts + timer_OnCalendar: "*-*-* 02:30:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events server_name: "{{ inventory_hostname }}" # for identification via email, defaults to Ansible inventory name. - on_calendar: "*-*-* 02:30:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events - scripts_location: /usr/local/clamav/script log_location: /var/log/clamav - log_name: clamav.log send_mail: false # Important: will not send any emails by default. send_on_fail: true # Only sends emails on scan failure, will not email for successful scans. report_recipient_email: mail@example.com report_sender_email: admin@server.example.com - scan_location: / - exclude_directories: - - /sys/ install_clamdscan: false # flag to install additional 'clamdscan' package ``` 
diff --git a/roles/debian/clamav/defaults/main.yml b/roles/debian/clamav/defaults/main.yml index 6dddd32d6..648ddd934 100644 --- a/roles/debian/clamav/defaults/main.yml +++ b/roles/debian/clamav/defaults/main.yml @@ -1,16 +1,22 @@ --- clamav: - create_timer: false + # wrapper scripts for clamav + scripts: + - location: /usr/local/clamav/script + name: clamscan_daily + exclude_directories: + - /sys/ + scan_location: / + log_name: clamav_daily.log + # scheduled scans, set to an empty dictionary for no timers + timers: + clamscan_daily: + timer_command: /usr/local/clamav/script/clamscan_daily # path to clamscan wrapper script, ensure it is defined in clamav.scripts + timer_OnCalendar: "*-*-* 02:30:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events server_name: "{{ inventory_hostname }}" # for identification via email, defaults to Ansible inventory name. - on_calendar: "*-*-* 02:30:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events - scripts_location: /usr/local/clamav/script log_location: /var/log/clamav - log_name: clamav.log send_mail: false # Important: will not send any emails by default. send_on_fail: true # Only sends emails on scan failure, will not email for successful scans. report_recipient_email: mail@example.com report_sender_email: admin@server.example.com - scan_location: / - exclude_directories: - - /sys/ install_clamdscan: false # flag to install additional 'clamdscan' package diff --git a/roles/debian/clamav/tasks/main.yml b/roles/debian/clamav/tasks/main.yml index b84a4f2a6..ebf032e74 100644 --- a/roles/debian/clamav/tasks/main.yml +++ b/roles/debian/clamav/tasks/main.yml 
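Review bot: The default timer key here is `clamscan_daily`, while the two documentation hunks for this role in the same commit (`docs/roles/debian/clamav.md` and `roles/debian/clamav/README.md`) show the example as `clavav_scan` spelled `clamav_scan`, so the shipped default and the documented example disagree; pick one name and use it in all three places. Dropping `create_timer: false` also flips the default behaviour: `timers` now ships with one entry, so the daily 02:30 scan timer is created on every host that does not explicitly set `clamav.timers: {}`, which the comment should say, e.g. `# scheduled scans (enabled by default); set to an empty dictionary for no timers`. `timer_command` repeats the wrapper path by hand instead of being derived from the matching `clamav.scripts` entry, and a mismatch only surfaces when the unit first fires, so the existing "ensure it is defined in clamav.scripts" comment is the only guard. With `scan_location: /` the only exclusion is `/sys/`; recursive clamscan runs from `/` usually also skip `/proc/` and `/dev/` — confirm that leaving them in is intentional.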
@@ -1,34 +1,34 @@ --- -- name: Ensure the ClamAV scripts directory exists. +- name: Ensure the ClamAV scripts directories exists. ansible.builtin.file: - path: "{{ clamav.scripts_location }}" + path: "{{ item.location }}" state: directory mode: '0755' + with_items: "{{ clamav.scripts }}" + when: clamav.scripts | length > 0 -- name: Copy clamscan script to server. +- name: Copy clamscan scripts to server. ansible.builtin.template: src: "clamscan.j2" - dest: "{{ clamav.scripts_location }}/clamscan" + dest: "{{ item.location }}/{{ item.name }}" owner: root group: root mode: "0755" + with_items: "{{ clamav.scripts }}" + when: clamav.scripts | length > 0 - name: Ensure the ClamAV log directory exists. ansible.builtin.file: path: "{{ clamav.log_location }}" state: directory mode: '0755' - when: clamav.create_timer -- name: Set up a ClamAV systemd timer. +- name: Set up a ClamAV systemd timers. ansible.builtin.include_role: name: contrib/systemd_timers vars: - timers: - clamav_scan: - timer_command: "{{ clamav.scripts_location }}/clamscan" - timer_OnCalendar: "{{ clamav.on_calendar }}" - when: clamav.create_timer + timers: "{{ clamav.timers }}" + when: clamav.timers | length > 0 - name: Install clamdscan. ansible.builtin.apt: diff --git a/roles/debian/clamav/templates/clamscan.j2 b/roles/debian/clamav/templates/clamscan.j2 index c2b54e2cb..231085405 100644 --- a/roles/debian/clamav/templates/clamscan.j2 +++ b/roles/debian/clamav/templates/clamscan.j2 @@ -1,7 +1,7 @@ #!/bin/bash SUBJECT="{{ clamav.server_name }} PASSED SCAN" EMAIL="{{ clamav.report_recipient_email }}" -LOG={{ clamav.log_location }}/{{ clamav.log_name }} +LOG={{ clamav.log_location }}/{{ item.log_name }} TMP_LOG=/tmp/clam.daily rm -rf ${TMP_LOG} 
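Review bot: `timers: "{{ clamav.timers }}"` is passed to `contrib/systemd_timers` without checking that each `timer_command` is one of the scripts the template task above actually deploys, so a typo in `clamav.timers` is only discovered when the unit runs; a cross-check before the include_role (sketched below) fails the play instead. The `when: clamav.scripts | length > 0` guards on the two looped tasks are redundant, since `with_items` over an empty list already yields zero iterations, and `loop:` is the preferred form over `with_items` in current Ansible. The task names need a grammar fix: `Ensure the ClamAV scripts directories exist.` and `Set up ClamAV systemd timers.`; `mode` quoting also alternates between `'0755'` and `"0755"` within the same file.
```yaml
# … unchanged: scripts directory, template copy and log directory tasks …

- name: Collect the paths of the deployed ClamAV wrapper scripts.
  ansible.builtin.set_fact:
    _clamav_script_paths: "{{ (_clamav_script_paths | default([])) + [item.location ~ '/' ~ item.name] }}"
  loop: "{{ clamav.scripts }}"

- name: Check that every timer command points at a deployed wrapper script.
  ansible.builtin.assert:
    that:
      - item.value.timer_command in (_clamav_script_paths | default([]))
    fail_msg: "timer {{ item.key }} runs {{ item.value.timer_command }}, which is not defined in clamav.scripts"
  loop: "{{ clamav.timers | dict2items }}"
  when: clamav.timers | length > 0

# … unchanged: systemd timers include_role and clamdscan install …
```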
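Review bot: `TMP_LOG=/tmp/clam.daily` is now shared by every script rendered from this template, so two `clamav.scripts` entries whose runs overlap will `rm -rf` and append to each other's scratch log; it is also a fixed, predictable name in world-writable `/tmp` for a script that the timer will run as root. Use a per-script, unpredictable file, `TMP_LOG="$(mktemp "/tmp/clam.{{ item.name }}.XXXXXX")"`, after which the `rm -rf ${TMP_LOG}` here and the `touch ${TMP_LOG}` in the last hunk of this file are no longer needed. The new `LOG=` line would also be safer quoted, `LOG="{{ clamav.log_location }}/{{ item.log_name }}"`, since both halves are free-form role variables.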
@@ -38,9 +38,10 @@ av_report() { } av_scan() { + {% if item.exclude_directories | length > 0 %} # build bash array of directories to exclude EXCLUSIONS=() - {% for directory in clamav.exclude_directories %} + {% for directory in item.exclude_directories %} EXCLUSIONS+=("{{ directory }}") {% endfor %} @@ -49,9 +50,10 @@ av_scan() { for directory in ${EXCLUSIONS[@]}; do EXCLUSIONS_STRING+=" --exclude-dir=$directory" done + {% endif %} touch ${TMP_LOG} - clamscan -r {{ clamav.scan_location }} --quiet --infected --log=${TMP_LOG}$EXCLUSIONS_STRING + clamscan -r {{ item.scan_location }} --quiet --infected --log=${TMP_LOG}$EXCLUSIONS_STRING cat ${TMP_LOG} >> ${LOG} } diff --git a/roles/debian/mysql_server_oracle_ce/README.md b/roles/debian/mysql_server_oracle_ce/README.md index 7ee28b24d..38ce85292 100644 --- a/roles/debian/mysql_server_oracle_ce/README.md +++ b/roles/debian/mysql_server_oracle_ce/README.md @@ -11,6 +11,7 @@ Installs MySQL Server 5.7. mysql_long_query_time: 4 mysql_server_oracle_ce_key: "8C718D3B5072E1F5" # archive key - see https://dev.mysql.com/doc/refman/8.0/en/gpg-key-archived-packages.html mysql_server_oracle_ce_key_server: keyserver.ubuntu.com + ```
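Review bot: `{% if item.exclude_directories | length > 0 %}` makes the template render fail for any `clamav.scripts` entry that omits `exclude_directories`, because `length` on an undefined value raises; `{% if item.exclude_directories | default([]) | length > 0 %}` keeps the key optional, matching how the defaults document it. The `{% if %}` opened here is closed in the next hunk after the `done`, so whatever initialises `EXCLUSIONS_STRING` in the unseen lines between the two hunks is presumably inside the conditional — if so, `$EXCLUSIONS_STRING` on the clamscan line is simply unset when there are no exclusions, which works today but would break under `set -u`; initialise it before the `{% if %}`. The pre-existing `for directory in ${EXCLUSIONS[@]}` word-splits, so an exclusion path containing whitespace would not survive; `"${EXCLUSIONS[@]}"` fixes that. av_scan's body continues past the end of this hunk.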
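Review bot: `clamscan -r {{ item.scan_location }}` drops the templated path into the command line unquoted, so a `scan_location` containing whitespace or glob characters is split or expanded by bash before clamscan sees it; `clamscan -r "{{ item.scan_location }}" --quiet --infected --log=${TMP_LOG}$EXCLUSIONS_STRING` is safer, with `$EXCLUSIONS_STRING` left unquoted on purpose so it can carry several `--exclude-dir` options. Nothing in this function records clamscan's exit status before `cat ${TMP_LOG} >> ${LOG}` overwrites `$?`; whether `av_report` relies on it lies outside the hunk. av_scan starts before this hunk.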