Comment 4 for bug 645061

Confirmed on Lucid with (not yet) backported clamav 0.96.3 from clamav-ppa.

Seems like this is some new feature in 0.96.3 where freshclam (and indeed clamav-daemon too) does some checking in /proc/self and also /proc/filesystems. Attached some syslog entries which appear exactly after freshclam is done downloading .cvd files (virus definition databases).

The warnings seem to go away when adding the following line to /etc/apparmor.d/local/usr.bin.freshclam:

  /proc/** r,

This doesn't seem to be a bug in clamav but a too restrictive apparmor profile.