Could you collect the SELinux denials and attach them here?

# ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i -ts today

The "-i" parameter is important because ausearch can translate "comm=7370616D64206368696C64" to something human readable.

I have removed the "-ts today" from the ausearch line so that I could find the one that is in the message in Comment #1.  I did that because I have installed a (temporary) local policy since filing this bug so that denials don't cause the program to fail.

----
type=SYSCALL msg=audit(28/09/16 04:09:19.042:7562) : arch=x86_64 syscall=stat success=no exit=-13(Permission denied) a0=0x364da80 a1=0x1aac138 a2=0x1aac138 a3=0x1 items=0 ppid=8770 pid=5842 auid=unset uid=root gid=root euid=logcheck suid=root fsuid=logcheck egid=logcheck sgid=root fsgid=logcheck tty=(none) ses=unset comm=spamd child exe=/usr/bin/perl subj=system_u:system_r:spamd_t:s0 key=(null) 
type=AVC msg=audit(28/09/16 04:09:19.042:7562) : avc:  denied  { search } for  pid=5842 comm=spamd child name=logcheck dev="dm-7" ino=186 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir 
----

Of course, once I make a local exception for one AVC another pops up:

SELinux is preventing /usr/bin/perl from getattr access on the directory /var/lib/logcheck.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that perl should be allowed getattr access on the logcheck directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep 7370616D64206368696C64 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:spamd_t:s0
Target Context                system_u:object_r:logwatch_cache_t:s0
Target Objects                /var/lib/logcheck [ dir ]
Source                        7370616D64206368696C64
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          server.interlinx.bc.ca
Source RPM Packages           perl-5.16.3-286.el7.x86_64
Target RPM Packages           logcheck-1.3.15-2.el7.noarch
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     server.interlinx.bc.ca
Platform                      Linux server.interlinx.bc.ca
                              3.10.0-327.28.3.el7.x86_64 #1 SMP Thu Aug 18
                              19:05:49 UTC 2016 x86_64 x86_64
Alert Count                   34
First Seen                    2016-09-28 12:10:12 EDT
Last Seen                     2016-09-29 08:09:21 EDT
Local ID                      1a399aeb-26a9-4270-b8b3-fee2802c0571

Raw Audit Messages
type=AVC msg=audit(1475150961.45:12651): avc:  denied  { getattr } for  pid=4087 comm=7370616D64206368696C64 path="/var/lib/logcheck" dev="dm-7" ino=186 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir


type=SYSCALL msg=audit(1475150961.45:12651): arch=x86_64 syscall=stat success=no exit=EACCES a0=3668810 a1=16b1138 a2=16b1138 a3=0 items=0 ppid=4083 pid=4087 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe=/usr/bin/perl subj=system_u:system_r:spamd_t:s0 key=(null)

Hash: 7370616D64206368696C64,spamd_t,logwatch_cache_t,dir,getattr

From ausearch:

type=SYSCALL msg=audit(29/09/16 08:09:21.045:12651) : arch=x86_64 syscall=stat success=no exit=-13(Permission denied) a0=0x3668810 a1=0x16b1138 a2=0x16b1138 a3=0x0 items=0 ppid=4083 pid=4087 auid=unset uid=root gid=root euid=logcheck suid=root fsuid=logcheck egid=logcheck sgid=root fsgid=logcheck tty=(none) ses=unset comm=spamd child exe=/usr/bin/perl subj=system_u:system_r:spamd_t:s0 key=(null) 
type=AVC msg=audit(29/09/16 08:09:21.045:12651) : avc:  denied  { getattr } for  pid=4087 comm=spamd child path=/var/lib/logcheck dev="dm-7" ino=186 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir 

This one also looks related:

type=SYSCALL msg=audit(29/09/16 08:09:20.347:12648) : arch=x86_64 syscall=mkdir success=no exit=-13(Permission denied) a0=0x5969d60 a1=0755 a2=0x7f1f80387edc a3=0x0 items=0 ppid=4083 pid=4087 auid=unset uid=root gid=root euid=logcheck suid=root fsuid=logcheck egid=logcheck sgid=root fsgid=logcheck tty=(none) ses=unset comm=spamd child exe=/usr/bin/perl subj=system_u:system_r:spamd_t:s0 key=(null) 
type=AVC msg=audit(29/09/16 08:09:20.347:12648) : avc:  denied  { write } for  pid=4087 comm=spamd child name=logcheck dev="dm-7" ino=186 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir

Some more alerts:

----
type=SYSCALL msg=audit(30/09/16 04:09:12.303:16319) : arch=x86_64 syscall=mkdir success=no exit=-13(Permission denied) a0=0x6b479a0 a1=0700 a2=0x7f36e75e7edc a3=0x0 items=0 ppid=8742 pid=8746 auid=unset uid=root gid=root euid=logcheck suid=root fsuid=logcheck egid=logcheck sgid=root fsgid=logcheck tty=(none) ses=unset comm=spamd child exe=/usr/bin/perl subj=system_u:system_r:spamd_t:s0 key=(null) 
type=AVC msg=audit(30/09/16 04:09:12.303:16319) : avc:  denied  { add_name } for  pid=8746 comm=spamd child name=.spamassassin scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(30/09/16 04:09:11.694:16318) : arch=x86_64 syscall=mkdir success=no exit=-13(Permission denied) a0=0x65e5fc0 a1=0755 a2=0x7f36e75e7edc a3=0x0 items=0 ppid=8742 pid=8746 auid=unset uid=root gid=root euid=logcheck suid=root fsuid=logcheck egid=logcheck sgid=root fsgid=logcheck tty=(none) ses=unset comm=spamd child exe=/usr/bin/perl subj=system_u:system_r:spamd_t:s0 key=(null) 
type=AVC msg=audit(30/09/16 04:09:11.694:16318) : avc:  denied  { add_name } for  pid=8746 comm=spamd child name=.razor scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir

We're going to close this bug as WONTFIX because

 * of limited capacity of selinux-policy developers
 * the bug is related to EPEL component or 3rd party SW only
 * the bug appears in unsupported configuration 

We believe this bug can be fixed via a local policy module.
For more information please see: 

 * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-fixing_problems#sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow

If you disagree, please re-open the bug.

We're going to close this bug as WONTFIX because

 * of limited capacity of selinux-policy developers
 * the bug is related to EPEL component or 3rd party SW only
 * the bug appears in unsupported configuration 

We believe this bug can be fixed via a local policy module.
For more information please see: 

 * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-fixing_problems#sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow

If you disagree, please re-open the bug.