Well, it was a permission issue indeed. I ran clamd@scan as root by adding User=root to its systemd service file, also removed User clamscan from the config file, then it worked, having access to the home folder.
Basically, clamonacc (as root) should have used fdpass functionality to allow access to files via local socket, but it’s not working for some reason. Running clamd as root works on the other hand.
Technically running clamd as root is probably a security risk as it could be used as an exploit vector for privilege escalation.
I got this working previously without doing so but there was a couple of things that had to be done first.
One was to update an selinux boolean (as mentioned in the official documentation). The other part of it was to give the clamscan user group level access to your home folder.
Once I did these things I was able to get it working properly as configured for the files I needed it to scan without generating permissions errors every time. I was able to find these things by reading the clam website documentation and a few other internet searches. I do remember having to add either a clam group or a clam user (system group/user) in order for this to happen as it wasn’t done as part of the repo package…probably should have lodged a bug but at the time I got it working myself.
In the solution here, it’s not very clear what is meant by “update an selinux boolean”, do you perhaps have a link to the docs you’re referring to?
I’m having the same issues with running ClamAV on Fedora 36, and tried running clamd as root, which didn’t help, and running sudo setfacl had no effect either, even after restarting the services.
Something that did seem to get me a bit further was to set --fdpass on clamonacc, however, this introduces a slew of new errors reading: no reply from clamd
Software from more than a year ago likely is not the same as today and your issue deserves its own thread so it gets proper attention.
A Thread that already has a solution should not be reopened for a new issue…