After an upgrade of Fedora and subsequent reboot the permission problem returned. Same the files:

-rw-r--r-- 1 clamupdate clamupdate 293670 Apr 8 06:32 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate 107169718 Jun 22 18:06 daily.cvd
-rw-r--r-- 1 clamupdate clamupdate 117859675 Nov 25 2019 main.cvd

as well as the directory:

ls -dl /var/lib/clamav
drwxr-xr-x 4 clamupdate clamupdate 8192 Jul 13 11:39 /var/lib/clamav

Also in the clamav-unofficial-sigs.log file

Jul 13 12:14:01 ERROR: clam database directory (clam_dbs) not writable /var/lib/clamav

Permission log file is available at https://storm.cis.fordham.edu/~rkudyba/clam_perms.log

From the cron log file:
Jul 13 12:14:01 ourserver CROND[22349]: (clamav) CMD ([ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh)
Jul 13 12:14:03 ourserver CROND[22318]: (clamav) CMDEND ([ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh)

On Mon, Jul 12, 2021 at 12:31 PM Robert Kudyba <rkudyba@fordham.edu> wrote:

> grep clam /etc/passwd
> clamilt:x:989:985:Clamav Milter User:/var/run/clamav-milter:/sbin/nologin
> clamav:x:985:981::/var/run/clamav:/sbin/nologin
> clamupdate:x:983:979:Clamav database update user:/var/lib/clamav:/sbin/nologin
> clamscan:x:982:978:Clamav scanner user:/:/sbin/nologin

Interesting. The 'clamav' user seems not to have been created by the
same setup process which created the other three, since it didn't get
a text description. There's a suspicious gap in the numeric IDs from
985:981 to 989:985 like the milter IDs were added later. Make sense?

What does

grep clam /etc/group

give you?
grep clam /etc/group
clamilt:x:985:clamav,clamscan
clamav:x:981:clamscan,clamilt,clamupdate
clamupdate:x:979:clamav
clamscan:x:978:clamilt,clamav
virusgroup:x:949:clamupdate,clamscan,clamilt