From Debian package 0.0.20080702-13 Allow clamd_t to read files under /usr (for Perl). Allow it to connect to amavisd_send_port_t. Allow it to talk to itself by unix stream sockets and bind to UDP nodes. Closes: #502274 Needed for running amavisd as clamd_t unix_stream_socket connectto merged upstream in ad0aea53 (2009-07-21)
Index: policy/modules/services/clamav.te
===================================================================
--- policy/modules/services/clamav.te.orig
+++ policy/modules/services/clamav.te
@@ -68,14 +68,17 @@
 # clamd local policy
 #
 
+allow clamd_t self:process signull;
 allow clamd_t self:capability { kill setgid setuid dac_override };
 dontaudit clamd_t self:capability sys_tty_config;
 allow clamd_t self:fifo_file rw_fifo_file_perms;
 allow clamd_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow clamd_t self:unix_dgram_socket create_socket_perms;
 allow clamd_t self:tcp_socket { listen accept };
-corecmd_search_bin(clamd_t)
+corecmd_exec_bin(clamd_t)
 corecmd_read_bin_symlinks(clamd_t)
+files_read_usr_files(clamd_t)
+
 optional_policy(`
 	# to allow creating the unix domain socket
 	postfix_search_spool(clamd_t)
@@ -125,11 +128,13 @@
 corenet_tcp_sendrecv_generic_node(clamd_t)
 corenet_tcp_sendrecv_all_ports(clamd_t)
 corenet_tcp_sendrecv_clamd_port(clamd_t)
+corenet_tcp_sendrecv_amavisd_send_port(clamd_t)
 corenet_tcp_bind_generic_node(clamd_t)
 corenet_tcp_bind_clamd_port(clamd_t)
 corenet_tcp_bind_generic_port(clamd_t)
 corenet_tcp_connect_generic_port(clamd_t)
 corenet_sendrecv_clamd_server_packets(clamd_t)
+corenet_udp_bind_all_nodes(clamd_t)
 
 dev_read_rand(clamd_t)
 dev_read_urand(clamd_t)
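Review bot: Replacing `corecmd_search_bin(clamd_t)` with `corecmd_exec_bin(clamd_t)` widens the domain from directory search to executing every bin_t binary with no domain transition, and together with `files_read_usr_files(clamd_t)` this is a considerably broader grant than the description ("for Perl") suggests; a one-line comment recording the reason would help the next maintainer judge whether it can be narrowed later, e.g. `# amavisd is run in this domain and needs perl and its modules under /usr`. The motivating use, running amavisd as clamd_t, is the real source of the widening: if the tree has a dedicated amavis domain, confining amavisd there and leaving clamd_t's execute rights as they were would be the least-privilege shape, though that is not decidable from this hunk. The trailing `+` adds a blank line before `optional_policy(` that does not seem to correspond to any surrounding style and can be dropped. The enclosing clamd_t policy block continues past the end of the hunk.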
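Review bot: The added `corenet_tcp_sendrecv_amavisd_send_port(clamd_t)` is already covered by `corenet_tcp_sendrecv_all_ports(clamd_t)` two lines above it, while the permission the description actually asks for, connecting to amavisd_send_port_t, is not granted anywhere in the hunk: `corenet_tcp_connect_generic_port(clamd_t)` only covers the generic port type, so a name_connect to the amavisd send port would presumably still be denied unless a broader connect rule exists outside this hunk. If the intent is the connect, the line to change is `corenet_tcp_connect_amavisd_send_port(clamd_t)` in place of the sendrecv one. Separately, `corenet_udp_bind_all_nodes(clamd_t)` is broader than the `generic_node` variants the surrounding TCP rules use and comes with no visible UDP socket or sendrecv rules; if the bind is for name resolution by the relocated amavisd, `corenet_udp_bind_generic_node(clamd_t)` (or the sysnet DNS resolver interface, if that is what is needed) would match the existing pattern more closely. The clamd_t policy block extends beyond both ends of this hunk.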