Here is an example of checking the public_html directory with the removal of infected files:
/usr/local/cpanel/3rdparty/bin/clamscan -ri --remove /home/user/public_html
Similarly, other directories are checked.
To start checking only the public_html directory for all users:
/usr/local/cpanel/3rdparty/bin/clamscan -ri /home/*/public_html
To update the anti-virus database, use the command:
See also my article:
Installing and using ClamAV antivirus software