Answer to the clamdscan access-denied problem

clamdscan is just a command line tool that issues commands to clamav-daemon. The files are scanned by clamav-daemon, which runs as a daemon under the clamav user (by default). You can only scan folders and files to which clamav-daemon (the clamav user) has access.

So if you want to check a directory like /a/b/c, every directory along the way has to have the correct permissions for the clamav user to access it. If /a doesn’t have them, clamav-daemon can’t get to b or c…

clamdscan is not really meant to be run by normal users from the command line. If you really want that, you have to give the correct permissions to clamav-daemon (= clamav user).

clamscan, on the other hand, should work just fine on every directory your user has access to; it’s just slower because it has to load the virus database at startup.

The above applies when AppArmor/SELinux is not running. If AppArmor is running, there are more restrictions on clamav-daemon.

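clamdscan really just hands the work to the clamd service, and that service is started under the "clamav" account by default. So when we request a scan, clamd enters the specified directory as the clamav account and checks the specified file. If clamav does not have permission to enter and read the specified path, an access-denied error is returned.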

Besides the access permissions of the clamav account, any AppArmor settings that restrict clamd will also affect how clamdscan works.
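To find which component of a path such as /a/b/c is stopping the daemon, the check described above can be walked component by component. This is an added example, not code from ClamAV; `first_blocker` and its `root` parameter are hypothetical names, and it evaluates classic mode bits only.

```python
import os
import stat


def _allowed(st, uid, gids, want):
    """Check `want` (4=read, 1=search) against the one permission class that applies."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6      # owner class
    elif st.st_gid in gids:
        bits = st.st_mode >> 3      # group class
    else:
        bits = st.st_mode           # other class
    return (bits & want) == want


def first_blocker(path, uid, gids, root="/"):
    """Return the first component of `path` that uid/gids cannot pass, else None.

    Covers classic mode bits only: POSIX ACLs and AppArmor/SELinux policy
    can still deny access after this returns None.
    """
    path, root = os.path.realpath(path), os.path.realpath(root)
    rel = os.path.relpath(path, root)
    if rel == ".." or rel.startswith(".." + os.sep):
        raise ValueError("path is not below root")
    chain = [root]
    for part in ([] if rel == "." else rel.split(os.sep)):
        chain.append(os.path.join(chain[-1], part))
    for node in chain:
        st = os.stat(node)
        if not stat.S_ISDIR(st.st_mode):
            want = 4                # a file must be readable to be scanned
        elif node == path:
            want = 5                # scan target directory: list (r) and enter (x)
        else:
            want = 1                # ancestor directory: search (x) is enough
        if not _allowed(st, uid, gids, want):
            return node
    return None


if __name__ == "__main__":
    import pwd
    import sys
    pw = pwd.getpwnam("clamav")     # default daemon account named on the page
    groups = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for target in sys.argv[1:]:
        print(target, "->", first_blocker(target, pw.pw_uid, groups) or "reachable")
```

Run it as a user that can stat every component (typically root), passing the paths you intend to hand to clamdscan.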

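clamd cannot delete infected files. This is a security consideration: after all, you would not want someone to walk into your home and kill a person!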



