ClamAV-clamd av-scanner FAILED: CODE(0x36ab6c8) unexpected , output="/var/lib/amavis/tmp/amavis-20160923T095247-01779-3L04SPou/parts: lstat() failed: Permission denied.

I see this behavior in package: clamav-daemon 0.99+dfsg-1ubuntu1.2 on ubuntu 16.04

You already outlined the Debian dependency to not deprecate the tunable in this case.
I think also changing the default of the config should not be a Ubuntu Delta.

Since the bug (suboptimal default) is present in Debian too it would be best fixed in Debian, and then Ubuntu will pick it up on the next merge.

Would you mind filing a bug with Debian please?

There is already a bug filed with debian.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822444

Seems that the problems is due to switching to systemd and false settings within the start of clamav.

From the bug report above:

/lib/systemd/system/clamav-daemon.service

Change ExecStart to:
ExecStart=/usr/sbin/clamd -c /etc/clamav/clamd.conf --foreground=true

Add:
User=clamav
Group=clamav

Bug on debian is closed an a fixed clamav-package should be available! But also to ubuntu?

Thanks for the info Urs!

That comes down to:
   * Drop AllowSupplementaryGroups option which is default now
     (Closes: #822444).

This is already released and available in Yakkety, but not yet in Xenial.
Since there is a confiuration workaround to it I'm not so sure on the priority of the Xenial SRU.

Hmm, I can't see why I can't add a Xenial bug task here ... FYI so you don#t think I consider all fix-released but only >=16.10

Status changed to 'Confirmed' because the bug affects multiple users.