Enable quarantine and priv sep

templates/Fedora/34/etc/clamd.d/scan.conf

@@ -220,6 +220,7 @@ TCPAddr 127.0.0.1
 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
 # User clamscan
+User clamscan
 
 # Stop daemon when libclamav reports out of memory condition.
 #ExitOnOOM yes
@@ -739,7 +740,6 @@ OnAccessMountPath {{ item.mount }}
 # root user from triggering a scan (unless OnAccessPrevention is enabled).
 # Default: no
 #OnAccessExcludeRootUID no
-OnAccessExcludeRootUID yes
 
 # With this option you can whitelist specific UIDs. Processes with these UIDs
 # will be able to access all files without triggering scans or permission
@@ -762,9 +762,9 @@ OnAccessExcludeRootUID yes
 # OnAccessExcludeUID option.
 # Default: disabled
 #OnAccessExcludeUname clamav
-# XXX OnAccessExcludeUname clamilt
-# XXX OnAccessExcludeUname clamscan
-# XXX OnAccessExcludeUname clamupdate
+OnAccessExcludeUname clamilt
+OnAccessExcludeUname clamscan
+OnAccessExcludeUname clamupdate
 
 # Number of times the OnAccess client will retry a failed scan due to
 # connection problems (or other issues).