ClamAV Unofficial Signatures

Running as a restricted user
The package does not provide its own user, but it does share most of its privileges with. So it makes some sense to run the unofficial update script as the clamav user. There are only a few steps to doing this:

First, give the clamav user a working shell:

Now lock the account so no one can use it:

Disable the user/group in the config file:

And now, run the script (in a cron job or wherever) as the clamav user:

If you use logrotate, you'll need to change the permissions on the rotated logs: