Getting rid of clamav

Clamav is causing a lot of issues. None of my clients run Windows so its use is debatable. The only reason I haven’t gotten rid of it yet is because I’m not quite sure how, it looks like apt-get remove will break the mail wrappers.

Any tips for what I should do so I don’t run into a mail-breaking gotcha?

Well, first off, some of those issues may be fixable.

However, if you’re really interested in getting rid of it, rather than deleting it altogether, I might first just get your system to stop using it.

If you log into Virtualmin, and go into Server Settings -> Features and Plugins, you can disable Virus Scanning from in there.

Once you’ve disabled it, you can stop the clamav service.

Even if your users don’t use exploitable systems (good for them!), I’m sure they still don’t want to receive a bunch of messages that are just viruses. It’s like spam, only without trying to sell something (although sometimes virus emails double up their functionality and contain both a virus and a spam payload: woohoo, bonus!).

Just a thought. Me and Eric and Jamie are not worried about viruses on our own machines…but we don’t want to receive those emails, either. So we’ve got ClamAV running on killing those messages on arrival.

And, as Eric mentioned, whatever issues you have can be fixed. We get tons of mail, and we aren’t seeing any problems. You probably just need to switch to the clamdscan processing mode rather than clamscan.

Thanks for the tips.

I’ve already done enough yak shaving and I’m not really inclined to spend any more time given the extremely low volume of email I get.

The main issue is it takes 1 hour 20 minutes for the clamd socket to come up. This is on a 2.0ghz machine with 512mb of ram and an average load of 1.0. If I get any mail during that time, it spawns a clamscan thread at normal priority, and the cron reports alone will bring the load factor up to 200. (My workaround was to kill postfix on boot, wait for the socket, then start postfix again. This was till I found out about the socket issue being fixed in 0.90.3.)

This was because the version of clamd that comes with debian stable is 0.90.1. I selectively upgraded to the testing repo which has 0.94. Now the socket comes up instantly but it still takes 1 hour 20 minutes to read through the signatures db. Freshclam updates roughly every hour, which means that I’m almost always reloading the signatures database.

Also, when I updated packages from virtualmin, I run into this: It thinks 0.90.1 is installed, and apt says that 0.94 is available, so it offers to upgrade me. If it updates it instead install -forces the package available from the default repository (stable) which is 0.90.1.

quote- You probably just need to switch to the clamdscan processing mode rather than clamscan. -end quote
can you point me toward a FAQ on this?? we have a machine running with this same issue, going from average load of .2-.3 to 2-3 when clamav runs. which seems to be VERY often. system is P3 w/ 1Gig RAM
thanks again.


It’s actually pretty straight forward – when you log into Virtualmin, click Email Messages -> Spam and Virus Scanning.

From there, make sure that the Virus Scanning Program is set to "Server scanner (clamdscan)".