diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix
index 57ff1af2ff6f..d1621c0c74ef 100644
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@@ -70,6 +70,7 @@ in
 prayer = 49;
 mpd = 50;
 clamav = 51;
+ fprot = 52;
 # When adding a uid, make sure it doesn't match an existing gid.
@@ -120,6 +121,7 @@ in
 prayer = 49;
 mpd = 50;
 clamav = 51;
+ fprot = 52;
 # When adding a gid, make sure it doesn't match an existing uid.
diff --git a/modules/module-list.nix b/modules/module-list.nix
index a67f8c2f1335..2e6f77afa1fc 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -162,6 +162,7 @@
 ./services/scheduling/cron.nix
 ./services/scheduling/fcron.nix
 ./services/security/clamav.nix
+ ./services/security/fprot.nix
 ./services/security/frandom.nix
 ./services/security/tor.nix
 ./services/security/torsocks.nix
diff --git a/modules/services/security/fprot.nix b/modules/services/security/fprot.nix
new file mode 100644
index 000000000000..9f1fc4ed6d8b
--- /dev/null
+++ b/modules/services/security/fprot.nix
@@ -0,0 +1,88 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+ fprotUser = "fprot";
+ stateDir = "/var/lib/fprot";
+ fprotGroup = fprotUser;
+ cfg = config.services.fprot;
+in {
+ options = {
+
+ services.fprot = {
+ updater = {
+ enable = mkOption {
+ default = false;
+ description = ''
+ Whether to enable automatic F-Prot virus definitions database updates.
+ '';
+ };
+
+ productData = mkOption {
+ default = "${pkgs.fprot}/opt/f-prot/product.data";
+ description = ''
+ product.data file. Defaults to the one supplied with installation package.
+ '';
+ };
+
+ frequency = mkOption {
+ default = 30;
+ description = ''
+ Update virus definitions every X minutes.
+ '';
+ };
+
+ licenseKeyfile = mkOption {
+ default = "${pkgs.fprot}/opt/f-prot/license.key";
+ description = ''
+ License keyfile. Defaults to the one supplied with installation package.
+ '';
+ };
+
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.updater.enable {
+ environment.systemPackages = [ pkgs.fprot ];
+ environment.etc = singleton {
+ source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";
+ target = "f-prot.conf";
+ };
+
+ users.extraUsers = singleton
+ { name = fprotUser;
+ uid = config.ids.uids.fprot;
+ description = "F-Prot daemon user";
+ home = stateDir;
+ };
+
+ users.extraGroups = singleton
+ { name = fprotGroup;
+ gid = config.ids.gids.fprot;
+ };
+
+ services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];
+
+ jobs = {
+ fprot_updater = {
+ name = "fprot-updater";
+ task = true;
+
+ # have to copy fpupdate executable because it insists on storing the virus database in the same dir
+ preStart = ''
+ mkdir -m 0755 -p ${stateDir}
+ chown ${fprotUser}:${fprotGroup} ${stateDir}
+ cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
+ ln -sf ${cfg.updater.productData} ${stateDir}/product.data
+ '';
+ #setuid = fprotUser;
+ #setgid = fprotGroup;
+ exec = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
+ };
+ };
+
+ };
+
+}
\ No newline at end of file
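Review bot: The updater runs `/var/lib/fprot/fpupdate` as root (`setuid`/`setgid` are commented out and the cron entry is `root start fprot-updater`), yet `preStart` chowns that directory to the unprivileged `fprotUser`, so whoever controls the fprot account can replace the copied binary and have root execute it on the next cron tick. Either run the job as the service user by restoring `setuid = fprotUser;` and `setgid = fprotGroup;` (they look deliberately disabled, so confirm fpupdate can run unprivileged), or keep `${stateDir}` root-owned and drop the `chown` so only root can write there. `exec` also hardcodes `/var/lib/fprot/fpupdate` instead of `${stateDir}/fpupdate`, letting the two paths drift apart, and `frequency` has no `type` or range check, so a value of 0 or above 59 produces an invalid `*/N` cron minute field.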