The antivirus scanner script is /home/admispconfig/ispconfig/tools/clamav/bin/trashscan.
There are also some procmail recipes in each user's directory like .antivirus.rc, .html-trap.rc, and .local-rules.rc that might be of interest to you.
Also, is there anyway of retrieving a mail users password, i gather ispconfigs not showing of it as a security measure but cant seem to retrieve em via phpmyadmin either...and sometimes its necesary for us to retrieve user passwords for support purposes.
No, because ISPConfig does not store the passwords anywhere. They go immediately to /etc/shadow (in encrypted form), so there'S no way of retrieving a lost password. So you have to give your users new passwords (and tell them to be more carefully... They wouldn't handle the keys to their cars that carelessly, would they?)