Comment 9 for bug 450250

These lines should be relatively safe because it provides 'r' access only. This does gives access to sensitive files such as ~/.gnupg and ~/.ssh though.

The question is whether or not this would work with 'owner'. I was assuming clamdscan would be the one needing the access, but in retrospect it may be that clamdscan just feeds the paths to clamav. We need the apparmor denied messages from /var/log/kern.log to know for sure.

Is using clamdscan in this matter normal?