diff --git a/roles/clamav/tasks/main.yml b/roles/clamav/tasks/main.yml
index 8957c7d..bd7983d 100644
--- a/roles/clamav/tasks/main.yml
+++ b/roles/clamav/tasks/main.yml
@@ -9,13 +9,29 @@
     - clamav-update
     - clamd
 
+- name: fix socket directory permissions
+  copy:
+    dest: /etc/tmpfiles.d/clamd.scan.conf
+    content: "d /run/clamd.scan 711 clamscan clamscan"
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart clamd
+
 - name: enable clamd local socket
   lineinfile:
     path: /etc/clamd.d/scan.conf
-    regexp: "^#LocalSocket .*"
+    regexp: "^#?LocalSocket .*"
     line: "LocalSocket /run/clamd.scan/clamd.sock"
   notify: restart clamd
 
+- name: allow everyone to connect local socket
+  lineinfile:
+    path: /etc/clamd.d/scan.conf
+    regexp: "^#?LocalSocketMode .*"
+    line: "LocalSocketMode 666"
+  notify: restart clamd
+
 - name: link clamd service
   file:
     dest: /etc/systemd/system/clamd@scan.service