diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index f40f880e..e3daab5e 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -6,8 +6,13 @@ COPY clamav.conf /tmp/clamav.conf
 RUN set -ex; \
     apk add --no-cache tzdata; \
     cat /tmp/clamav.conf | tee -a /etc/clamav/clamd.conf; \
-    rm /tmp/clamav.conf
+    rm /tmp/clamav.conf; \
+    mkdir -p /var/run/clamav /run/lock; \
+    chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
+    chmod 770 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock
 
-# USER root is probably used
+VOLUME /var/lib/clamav
+
+USER clamav
 
 LABEL com.centurylinklabs.watchtower.monitor-only="true"