I recently needed to deploy ClamAV in resource-constrained environments, and the default database, even after they roughly halved it (ClamAV shrinking virus database by removing old signatures), is still way too big. So, I made a tool to prune the database in various ways.
I use it to rip out all of the Windows and Mac specific signatures, since the devices I need it on are exclusively Linux, and will never interact with Windows or Mac systems, so something like 80% of signatures are useless wastes of space and CPU, and it’s harmless to remove them.
If anybody has similar requirements, you might find it useful:
Note that if you’re running a mail server with Windows and Mac OS clients, you can’t usefully purge much of the database, so this tool won’t do much good. It remains true that if you need ClamAV for email in a Virtualmin system, you need plenty of RAM (though less RAM than you needed a month ago, as the process size with the standard database is now something like 600MB instead of 1.1+GB).
This isn’t a Virtualmin project/product, and I’m not recommending it for any particular purpose, it’s just a thing I needed for my day job and figured others might find it useful. I know there are folks here who use ClamAV and maybe use it for things like malware scanning of their servers (the maldet project has contributed a bunch of signatures to the ClamAV project, so it already detects some malware, and you can also use maldet signatures directly). I don’t know enough about those use cases to make recommendations, though, so don’t ask.
If you find bugs, feel free to post an issue to the project page.