Permission error of .sock file with ClamAV

I updated ClamAV to 0.100.1 with YUM. Then “clamav.sock” has been denied permission.

RuntimeException: Cannot connect to “/var/run/clamd.scan/clamd.sock”: Permission denied (code 13)
stream_socket_client(): unable to connect to unix:///var/run/clamd.scan/clamd.sock (Permission denied) at /NEXTCLOUD/apps/files_antivirus/lib/Scanner/External.php#41

Before updating it worked normally.
Is this a problem with clamav? Or is it a problem on the app side of Nextcloud?

Currently I assign “USER:root” to “/var/run/clamd.scan” below.
I do not know if this is the right way. If there is an update of ClamAV, resetting is necessary.

I differ in the execution user of ClamAV. I am not running Nextcloud as root user. I changed the owners of “/var/run/clamd.scan/~” and “/var/lib/clamav/~” to execution users. I also tried to designate an execution user instead of root in owner setting items of scan.conf and frelshclam.conf. But it is still the same error. I also tried to include users in groups.
Of course, I can run clamdscan without trouble by SSH and root user.

How can I run Nextcloud’s clamav as a execution user?

You have to set the access rights for the clamd socket correctly, so that the web server user is able to access it. World readable access rights could e.g. look like this: srw-rw-rw- 1 clamav trusted 0 Mar 3 20:15 /run/clamd

The same permission is set for clamd.sock.
Does the directory of ‘/var/run/clamd.scan’ also need to be socketed?

The directory has the following settings on my system: drwxrwxrwt 13 root root 1260 Mar 4 12:53 /run.

Is that “1777”? I get a different error if I change permissions on it. Conversely, it will be impossible to upload. In my case the permission seems to not work unless it is “1700 | 0700 | 1770 | 0770”.

Error when I make it to 777:

[webdav] Fatal: Sabre\DAV\Exception: Error while copying file to target location (copied bytes: 0, expected filesize: 0 ) at <<closure>>

0. /MYNEXTCLOUD/apps/dav/lib/Connector/Sabre/Directory.php line 156
1. /MYNEXTCLOUD/3rdparty/sabre/dav/lib/DAV/Server.php line 1096
   createFile("TEST.txt", null)
2. /MYNEXTCLOUD/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 525
   createFile("TEST.txt", null, null)
3. <<closure>>
   httpPut(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
4. /MYNEXTCLOUD/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105
   call_user_func_array([Sabre\DAV\CorePlugin {},"httpPut"], [Sabre\HTTP\Requ ... }])
5. /MYNEXTCLOUD/3rdparty/sabre/dav/lib/DAV/Server.php line 479
   emit("method:PUT", [Sabre\HTTP\Requ ... }])
6. /MYNEXTCLOUD/3rdparty/sabre/dav/lib/DAV/Server.php line 254
   invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
7. /MYNEXTCLOUD/apps/dav/appinfo/v1/webdav.php line 80
8. /MYNEXTCLOUD/remote.php line 163
   require_once("MYNEXTCL ... p")

PUT /remote.php/webdav/TEST.txt
from XX.XXX.XXX.XX by NEXTCLOUD-USER at 2019-03-05T09:18:35+09:100:

Is this another thing a problem? For example Windows WebDAV?
When I set the permission to ‘777’, the above error does not occur when uploading via web browser, but the above error occurs via WebDAV (Windows Network drive).

The access rights are indeed 1777.