Default user is 'clamav', default group is 'daemon', default configuration files are located in '/etc/clamav', default socket + log + database directory for clamd and freshclam is /var/share/clamav/, the default socket + log directory for clamav-milter is /var/share/milter/. The main reason is that this allows one to get a little bit more control wrt. access permissions than the clamAV builtin options provide.

The system startup scripts require a user named 'clamav', which is used to run the virus signature database update, the clam daemon, as well as the database update tool freshclam. In case your system has no such user, you should create one. E.g. for a passwd entry like:

    clamav:x:89:12:Clam AntiVirus:/var/share/clamav:/bin/true

use

    useradd -c 'Clam AntiVirus' -d /var/share/clamav -u 89 -g daemon clamav

The IPS package creates this user automatically; the SysV package gives you the freedom to do what you think is appropriate.

NOTE:
-----
Since ClamAV 0.95 a separate config file is required for clamd as well as clamfresh as well as clamav-milter! You may take over some but probably not all config values from your old /etc/clamd.conf file. One may produce a default config file using

    clamconf -g {clamd|freshclam|milter} >/tmp/clam.conf

This version is slightly modified from the original version (most of the changes are wrt. the milter):

- improved, consistent milter log format for easier automatic processing:

    {CLEAN|INFECTED} %s: from='%s' to='%s' [remote='%s' ][helo='%s' ][subject='%s' message-id='%s' date='%s' ][virus='%s']

  Whether the [] enclosed items appear depends on the log configuration or whether a virus has been found. If 'Full' logging is enabled, a '?', otherwise an empty string, will be used for unknown aka unset items.
- additional milter log infos (see LogInfoRemoteHost and LogInfoHelo options in milter.conf).
- default milter configuration file name is /etc/clamav/milter.conf instead of /etc/clamav-milter.conf
- clamfresh 'UpdateLogFile' option has been renamed to 'LogFile'
- if the 'AddHeader' option is set to != 'No', an 'X-Milter' header gets appended to the email headers, which contains the clamAV version, hostname and result of the scan. The original behavior to add, insert, or replace an 'X-Virus-Scanned' and 'X-Virus-Status' header has been dropped because it makes no sense at all.
- If a viraction has been set, it gets called only _once_, not for every single recipient. argv[4] contains the list of all recipients separated by a comma. The list may contain a '?' if the recipient could not be determined or there was not enough memory to allocate the corresponding string. Furthermore there will be only one log entry per message wrt. the scan result, no matter whether SupportMultipleRecipients is set to 'yes' or not.
- The 'User', 'AllowSupplementaryGroups', 'DatabaseOwner', 'LocalSocketGroup', and 'MilterSocketGroup' options have been removed. The related daemons should always be run as unprivileged users having the proper read/write permission for the files and directories they need.
- all programs now use reasonable/recommended defaults
- clamconf usability and output readability has been slightly improved
- minor man page improvements/corrections
- Solaris SMF support

ClamAV services are managed by the service management facility, smf(5), and are disabled by default. To enable one or more of these services use:

    svcadm enable clamscan
    svcadm enable clamfresh
    svcadm enable clammilter

For more information see clamd(1M), freshclam(1) and clamav-milter(1M).
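
A parser for the milter log format listed above, as an added example that is not part of the original package notes or the package itself. It assumes the first %s is a message identifier and that values are logged without quote escaping; the function name and sample lines are made up for illustration.

```python
import re

# Key order copied from the format string in the notes. Assumptions: the
# first %s is a message identifier, trailing blanks may be trimmed by the
# log pipeline, and values are written verbatim (no quote escaping).
LINE_RE = re.compile(
    r"^(?P<status>CLEAN|INFECTED) (?P<msgid>[^:]*): "
    r"from='(?P<sender>.*?)' to='(?P<rcpt>.*?)'"
    r"(?: remote='(?P<remote>.*?)')?"
    r"(?: helo='(?P<helo>.*?)')?"
    r"(?: subject='(?P<subject>.*?)' message-id='(?P<message_id>.*?)'"
    r" date='(?P<date>.*?)')?"
    r"(?: virus='(?P<virus>.*?)')?$"
)


def parse_milter_line(line):
    """Return a dict of fields plus a 'warnings' list, or None if no match."""
    m = LINE_RE.match(line.rstrip())
    if m is None:
        return None
    rec = m.groupdict()
    warnings = []
    for key, value in rec.items():
        # Sender, HELO, subject, message-id and date come from the remote
        # side; an embedded quote can imitate a key='value' pair.
        if value is not None and "'" in value:
            warnings.append("quote in " + key)
    if rec["status"] == "CLEAN" and rec["virus"] is not None:
        # Assumption: a virus item is only logged when a virus was found.
        warnings.append("virus on CLEAN line")
    # '?' (Full logging) and '' both mean "unknown" according to the notes.
    rec = {k: (None if v in ("", "?") else v) for k, v in rec.items()}
    rec["warnings"] = warnings
    return rec


# Constructed sample lines, not taken from a real log.
SAMPLES = [
    "INFECTED q1: from='a@example.org' to='b@example.net' remote='192.0.2.7' "
    "helo='mx.example.org' virus='Eicar-Test-Signature'",
    "CLEAN q2: from='a@example.org' to='?' ",
    "CLEAN q3: from='a@example.org' to='b@example.net' subject='hi' "
    "message-id='<1@example.org>' date='Mon' virus='Fake'",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_milter_line(s))
```

Records with a non-empty 'warnings' list are worth routing to manual review instead of being trusted by downstream automation.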