I've been having fun with users and permissions today - I've just updated a server to run clamav/freshclam/qmail-scanner as root.root instead of qscand.qscand in order to get the FTP upload scanning to work (NOT using ASL kernel -- this is a VPS).
Having done that, I found some oddities with pyzor which were relatively easy to deal with.
However, I noted the following in my logs
Aug 22 19:52:14 ip147 spamd: spamd: setuid to root succeeded
Aug 22 19:52:14 ip147 spamd: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Is this normal?
I really, really don't lik running all those things as root. I'm starting to think the risk may be greater than the protection that the FTP scanning might provide.