Actually, I was just using my homedir as an example. I was actually debugging an issue that a colleague of mine was having with interfacing with clamd in a web application. A quick googling suggests that this issue is causing problems for quite a few people - it's certainly not very user-friendly, and the security benefits are questionable. clamd is already running as a normal user, so shouldn't be able to access sensitive files anyway. I'm not sure what the point is of locking it down further - at least, not by default.
The clamdscan manpage describes clamdscan as:
clamdscan is a clamd client which may be used as a clamscan replacement.
If you're going to lock down clamd in this way, then this is incorrect, and the manpage should be updated to reflect this.
Actually, I was just using my homedir as an example. I was actually debugging an issue that a colleague of mine was having with interfacing with clamd in a web application. A quick googling suggests that this issue is causing problems for quite a few people - it's certainly not very user-friendly, and the security benefits are questionable. clamd is already running as a normal user, so shouldn't be able to access sensitive files anyway. I'm not sure what the point is of locking it down further - at least, not by default.
The clamdscan manpage describes clamdscan as:
clamdscan is a clamd client which may be used as a clamscan replacement.
If you're going to lock down clamd in this way, then this is incorrect, and the manpage should be updated to reflect this.