Great. One detail.
You don't want infected machines on a LAN. So it's safest to physically pull the Ethernet cable out.
This precaution, however, prevents virus definition updates over the net. Booting Linux (GRML) lowers the threat from Windows viruses to almost nothing, but in a corporate setting, the bosses don't believe something like that. They want to know, "Did you or did you not detach the Ethernet cable, yes or no, according to our written policy for suspicious machines."
Yeah, I know, it's silly. But these kinds of policies do exist.
In that situation it's nice to have an alternative way to get updated virus defs. I can use, for example, a CD-RW, or floppies, or Zip, or USB hard drive, etc. I'll have to check how to do that with Clam. I hope GRML can somehow retain them in RAM.
Thanks, Mark