We are using clamav-daemon as well as clamav-freshclam on Ubuntu 16.04. Because we like to monitor those processes with monit we need the PID files. So when booting the system, we never get the PID files, because the services are unable to write into the default /var/run/clamav folder.
The message in the log files is "ERROR: Can't save PID in file /var/run/clamav/clamd.pid".
When we (re-)start the services manually with e.g. "service clamav-daemon restart", everything works.
There are two different problems here:
1. the init script /etc/init.d/clamav-daemon is changing the permissions on the folder /var/run/clamav no matter if you start/stop/restart or whatsoever, BUT the systemd script used at boot time in /lib/systemd/system/clamav-daemon.service is not. So it won't be able to create the PID file.
2. folder /var/run is a tmpfs and will be created with every reboot, so changing the permissions once, won't last long. The systemd or init script has to change the permissions itself.
So one solutions could be to add the following two lines to /lib/systemd/system/clamav-daemon.service and /lib/systemd/system/clamav-freshclam.service
ExecStartPre=/bin/mkdir -p /var/run/clamav
ExecStartPre=/bin/chown clamav /var/run/clamav
I forgot to mention that the above solution works within our LXC guest environments, but it is not sufficient when running on physical hardware.
It seems, that the clamav startup scripts are executed a bit too early. When they are started, the folder /run or /var/run is not yet a tmpfs. So the PID files will be written to the harddisk instead of the tmpfs. When the system is now putting the tmpfs over /run the PIDs are virtually gone and the monitoring service is unable to see them.
The systemd scripts clamav-
After=network.
Honestly I don't know which service is the best one to wait for here. I just chose network.target, because I knew it is going to be late enough. Maybe someone has a better idea here.