diff --git a/molecule/virtualbox/molecule.yml b/molecule/virtualbox/molecule.yml
index efbeb33926c1f3df0b6d7867feed0410c1f616b5..2881dc824007caec07a4185338ba85c635c6104d 100644
--- a/molecule/virtualbox/molecule.yml
+++ b/molecule/virtualbox/molecule.yml
@@ -12,7 +12,7 @@ platforms:
   # Check out the documentation at
   # https://github.com/ansible-community/molecule-vagrant#documentation
   # for more platform parameters.
-  - name: vm-runner
+  - name: vm-harden-mol-deb
     box: debian/bookworm64
     memory: 3072
     # List of raw Vagrant `config` options.
diff --git a/molecule/virtualbox_rocky8/molecule.yml b/molecule/virtualbox_rocky8/molecule.yml
index e899426673330d3cd7ec9f56f39df54b8161e33d..e33cff9f6bb0af2ad1fb4800ac108db56857c0a5 100644
--- a/molecule/virtualbox_rocky8/molecule.yml
+++ b/molecule/virtualbox_rocky8/molecule.yml
@@ -8,7 +8,7 @@ platforms:
   # Check out the documentation at
   # https://github.com/ansible-community/molecule-vagrant#documentation
   # for more platform parameters.
-  - name: vm-harden-mol
+  - name: vm-harden-mol-rocky8
     box: rockylinux/8
     memory: 3072
     # List of raw Vagrant `config` options.
diff --git a/tasks/install_clamav.yml b/tasks/install_clamav.yml
deleted file mode 100644
index 924ac5cdaeae20923e8e78619c5e1632e8f4b51f..0000000000000000000000000000000000000000
--- a/tasks/install_clamav.yml
+++ /dev/null
@@ -1,209 +0,0 @@
----
-# based on https://www.golinuxcloud.com/steps-install-configure-clamav-antivirus-centos-linux/
-
-- name: include vars clamav
-  ansible.builtin.include_vars: "clamav.yml"
-  tags: [apt]
-
-
-
-- name: install clamav packages (Debian)
-  ansible.builtin.apt:
-    name: "clamav-daemon"
-    state: present
-  when: ansible_os_family == "Debian"
-  tags: [apt]
-
-- name: install clamav packages (RedHat)
-  ansible.builtin.dnf:
-    name: [
-      'clamav-server',
-      'clamav',
-      'clamav-scanner-systemd',
-      'clamav-server-systemd',
-      'clamav-update',
-      # 'clamav-data',           # pulled in by dependency
-      # 'clamav-filesystem',     # pulled in by dependency
-      # 'clamav-lib',            # pulled in by dependency
-      "clamd",
-    ]
-    state: present
-    update_cache: true
-  when: ansible_os_family == "RedHat"
-  tags: [yum]
-
-
-
-- name: create ClamAV log directory
-  ansible.builtin.file:
-    path: "/var/log/clamav/"
-    state: directory
-    mode: "0755"
-    owner: "{{ 'clamav' if ansible_os_family == 'Debian' else 'clamupdate' }}"
-    group: "adm"
-
-
-
-# clamav-freshclam.service und clamav-daemon.service laufen nach der Installation sofort los
-- name: configure freshclam
-  ansible.builtin.blockinfile:
-    name: "{{ clamav_cfg_path }}/freshclam.conf"
-    mode: "0444"
-    owner: "{{ 'clamav' if ansible_os_family == 'Debian' else 'clamupdate' }}"
-    group: "adm"
-    create: true
-    block: |
-      # Automatically created by the clamav-freshclam postinst
-      # Comments will get lost when you reconfigure the clamav-freshclam package
-
-      DatabaseOwner {{ 'clamav' if ansible_os_family == 'Debian' else 'clamupdate' }}
-      UpdateLogFile /var/log/clamav/freshclam.log
-      LogVerbose false
-      LogSyslog false
-      LogFacility LOG_LOCAL6
-      LogFileMaxSize 50M
-      LogRotate true
-      LogTime true
-      Foreground false
-      Debug false
-      MaxAttempts 5
-      DatabaseDirectory /var/lib/clamav
-      DNSDatabaseInfo current.cvd.clamav.net
-      ConnectTimeout 30
-      ReceiveTimeout 30
-      TestDatabases yes
-      ScriptedUpdates yes
-      CompressLocalDatabase no
-      # SafeBrowsing false      # DEPRECATED
-      Bytecode true
-      NotifyClamd /etc/clamav/clamd.conf
-      # Check for new database 24 times a day
-      Checks 24
-      # Default: DatabaseMirror db.local.clamav.net
-      DatabaseMirror db.de.clamav.net
-      DatabaseMirror database.clamav.net
-      OnUpdateExecute "/usr/local/bin/refresh_rkhunter.sh"
-  notify: restart freshclam
-
-- name: remove legacy config
-  ansible.builtin.file:
-    path: "{{ clamav_cfg_path }}/{{ ansible_hostname }}.conf"
-    state: absent
-
-# Config paths according to manpage/systemd-unit:
-#   - Debian: "/etc/clamav/clamd.conf"
-#   - RedHat: "/etc/clamd.d/scan.conf"
-- name: configure ClamD
-  ansible.builtin.blockinfile:
-    name: "{{ clamav_cfg_path }}/{{ 'clamd' if ansible_os_family == 'Debian' else 'scan' }}.conf"
-    mode: "0444"
-    owner: "{{ 'clamav' if ansible_os_family == 'Debian' else 'clamscan' }}"
-    group: "adm"
-    create: true
-    insertafter: EOF
-    marker: "{{ item.marker }}"
-    block: "{{ item.block }}"
-  loop:
-    # configure general settings
-    - marker: "# {mark} ANSIBLE MANAGED BLOCK - CLAMD SCAN SETTINGS"
-      block: |
-        LogFileMaxSize 0
-        LogTime yes
-        LogVerbose yes
-        TemporaryDirectory /var/tmp
-        DatabaseDirectory /var/lib/clamav
-        FixStaleSocket yes
-        TCPSocket 3310
-        TCPAddr 127.0.0.1
-        MaxConnectionQueueLength 200
-        StreamMaxLength 4000M
-        # AllowSupplementaryGroups yes            # DEPRECATED
-        ScanPE yes
-        ScanELF yes
-        # DetectBrokenExecutables yes             # DEPRECATED
-        ScanOLE2 yes
-        ScanMail yes
-        ScanArchive yes
-        ArchiveBlockEncrypted no
-        OnAccessExcludeUname root
-        OnAccessIncludePath /
-    # configure ClamD exclude paths
-    - marker: "### {mark} ANSIBLE MANAGED BLOCK - CLAMD FILE WHITELIST"
-      block: |
-        # Exclude paths from being checked. Use 'man regex' to get more information about REGEX format (clamav uses the regex.c library).
-        # Default: ExcludePath REGEX
-        ExcludePath "/mnt/*"
-        # Default: disabled
-        OnAccessExcludePath "/mnt/*"
-  notify:
-    - restart clamav-daemon service
-    - restart clamd service
-
-- name: configure ClamD to refresh rkhunter after DB updates
-  ansible.builtin.blockinfile:
-    name: "/usr/local/bin/refresh_rkhunter.sh"
-    mode: "0755"
-    owner: "{{ 'clamav' if ansible_os_family == 'Debian' else 'clamupdate' }}"
-    group: "adm"
-    create: true
-    insertafter: EOF
-    block: |
-      #!/usr/bin/env bash
-      set -e
-
-      if [ -x /usr/bin/rkhunter ]; then
-          /usr/bin/rkhunter --propupd --nolog
-      fi
-
-- name: enable Freshclam systemd service now to make sure we have signature databases on the system 
-  ansible.builtin.systemd:
-    service: "clamav-freshclam.service"
-    enabled: true
-    state: "started"
-  when: ansible_os_family == "RedHat"
-
-- name: wait for signature file to appear
-  ansible.builtin.wait_for:
-    path: "/var/lib/clamav/{{ item }}"
-    timeout: 600   # Maximum number of seconds to wait for
-  loop:
-    - "bytecode.cvd"    # compiled bytecode signatures evaluated by the
-                        # bytecode interpreter engine
-    # - "daily.cld"     # signatures for the latest threats (updated daily)
-                        # We don't wait for these, because they might not exist
-                        # on a fresh installation.
-    - "main.cvd"        # signatures previously in daily.cvd that have shown to
-                        # have a low false-positive risk.
-  when: ansible_os_family == "RedHat"
-
-- name: find out if unnecessary systemd service exists
-  ansible.builtin.stat:
-    path: "/etc/systemd/system/multi-user.target.wants/clamd@{{ ansible_hostname }}.service"
-  register: clamd_unit
-
-- name: remove unnecessary systemd services
-  ansible.builtin.systemd:
-    service: "clamd@{{ ansible_hostname }}.service"
-    state: stopped
-    enabled: false
-  loop:
-    - "clamd@{{ ansible_hostname }}.service"
-    - "clamd@.service"
-  when: 
-    - ( ansible_os_family == "RedHat" )
-    - ( clamd_unit.stat.exists )
-
-- name: remove custom clamd service
-  ansible.builtin.file:
-    path: "/etc/systemd/system/clamd@.service"
-    state: absent
-  when: 
-    - ( ansible_os_family == "RedHat" )
-    - ( clamd_unit.stat.exists )
-
-- name: enable ClamD systemd service
-  ansible.builtin.systemd:
-    service: "clamd@scan.service"
-    enabled: true
-    state: "started"
-  when: ansible_os_family == "RedHat"
diff --git a/tasks/main.yml b/tasks/main.yml
index 532b830ea77c1edd0c95f2126829e0849762fc4e..0b46b4060497ef1afbfc3482fbc9a332d695a9f6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -52,8 +52,8 @@
   ansible.builtin.import_tasks: "install_rkhunter.yml"
   tags: [rkhunter]
 
-- name: include ClamAV install task
-  ansible.builtin.import_tasks: "install_clamav.yml"
+- name: include ClamAV uninstall task
+  ansible.builtin.import_tasks: "uninstall_clamav.yml"
   tags: [clamav]
 
 - name: include auditd install task
diff --git a/tasks/uninstall_clamav.yml b/tasks/uninstall_clamav.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3faaf624c558dd52c36c2880c5f699e2e8fe0b86
--- /dev/null
+++ b/tasks/uninstall_clamav.yml
@@ -0,0 +1,93 @@
+---
+# based on https://www.golinuxcloud.com/steps-install-configure-clamav-antivirus-centos-linux/
+
+- name: include vars clamav
+  ansible.builtin.include_vars: "clamav.yml"
+  tags: [apt]
+
+
+
+- name: uninstall clamav packages (Debian)
+  ansible.builtin.apt:
+    name: "clamav-daemon"
+    state: absent
+  when: ansible_os_family == "Debian"
+  tags: [apt]
+
+- name: uninstall clamav packages (RedHat)
+  ansible.builtin.dnf:
+    name: [
+      'clamav-server',
+      'clamav',
+      'clamav-scanner-systemd',
+      'clamav-server-systemd',
+      'clamav-update',
+      # 'clamav-data',           # pulled in by dependency
+      # 'clamav-filesystem',     # pulled in by dependency
+      # 'clamav-lib',            # pulled in by dependency
+      "clamd",
+    ]
+    state: absent
+  when: ansible_os_family == "RedHat"
+  tags: [yum]
+
+
+
+- name: purge ClamAV files (configs, logs)
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "/var/log/clamav"    # Logdir
+    - "{{ clamav_cfg_path }}/freshclam.conf"    # Freshclam config
+    - "{{ clamav_cfg_path }}/{{ 'clamd' if ansible_os_family == 'Debian' else 'scan' }}.conf"    # ClamAV config
+    - "{{ clamav_cfg_path }}/{{ ansible_hostname }}.conf"    # Legacy config
+    - "/usr/local/bin/refresh_rkhunter.sh"    # RKhunter
+
+
+
+- name: find out if Freshclam/ClamAV services exist    # noqa command-instead-of-module
+  ansible.builtin.command:
+    cmd: "systemctl is-active {{ item }}"
+  loop:
+    - "clamav-freshclam.service"
+    - "clamd@scan.service"
+  when: ansible_os_family == "RedHat"
+  changed_when: false
+  failed_when: false
+  register: services
+
+- name: disable Freshclam and Clamd systemd service
+  ansible.builtin.systemd:
+    service: "{{ item.item }}"
+    enabled: false
+    state: "stopped"
+  when:
+    - ansible_os_family == "RedHat"
+    - '"inactive" != item.stdout'
+  loop: "{{ services.results }}"
+
+- name: find out if unnecessary systemd service exists
+  ansible.builtin.stat:
+    path: "/etc/systemd/system/multi-user.target.wants/clamd@{{ ansible_hostname }}.service"
+  register: clamd_unit
+
+- name: remove unnecessary systemd services
+  ansible.builtin.systemd:
+    service: "clamd@{{ ansible_hostname }}.service"
+    state: stopped
+    enabled: false
+  loop:
+    - "clamd@{{ ansible_hostname }}.service"
+    - "clamd@.service"
+  when: 
+    - ( ansible_os_family == "RedHat" )
+    - ( clamd_unit.stat.exists )
+
+- name: remove custom clamd service
+  ansible.builtin.file:
+    path: "/etc/systemd/system/clamd@.service"
+    state: absent
+  when: 
+    - ( ansible_os_family == "RedHat" )
+    - ( clamd_unit.stat.exists )