To create individual clamd-instance take the following files and modify/copy them in the suggested way: clamd.conf: * set LocalSocket (or better: TCPSocket) and User to suitable values; avoid PidFile unless it is required by system monitoring or something else. Logging through syslog is usually better than an individual Logfile. * place this file into /etc/clamd.d with an unique service-name; e.g. as /etc/clamd.d/.conf When using TCPSocket, create iptables rules which are limiting the access by source and/or by using '-m owner'. When LogFile feature is wanted, it must be writable for the assigned User. Recommended way to reach this, is to: * make it owned by the User's *group* * assign at least 0620 (u+rw,g+w) permissions A suitable command might be | # touch | # chgrp | # chmod 0620 | # restorecon NEVER use 'clamav' as the user since he can modify the database. This is the user who is running the application; e.g. for mimedefang (http://www.roaringpenguin.com/mimedefang), the user might be 'defang'.Theoretically, distinct users could be used, but it must be made sure that the application-user can write into the socket-file, and that the clamd-user can access the files asked by the application to be checked. clamd.logrotate: (only when LogFile feature is used) * set the correct value for the logfile * place it into /etc/logrotate.d clamd@.service: (systemd instance) * instance of clamd@.service Additionally, when using LocalSocket instead of TCPSocket, the directory for the socket file must be created. For tmpfiles based systems, you might want to create a file /usr/lib/tmpfiles.d/clamd..conf with a content of | d /var/run/clamd. Adjust (0710 should suffice for most cases) and + so that the socket can be accessed by clamd and by the applications using clamd. Make sure that the socket is not world accessible; else, DOS attacks or worse are trivial. After emulating these steps by hand (or else rebooting), you still need set SELinux: chcon -t clamd_var_run_t /var/run/clamd. or restorecon -R -v "/var/run/clamd." More SELinux notes: you may need run: setsebool -P antivirus_can_scan_system 1 and also maybe this one (I need to confirm that is obsolete) setsebool -P antivirus_use_jit 1 [Disclaimer: this file and the script/configfiles are not part of the official clamav package. Please send complaints and comments to https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=clamav]