Configuring Clamav for enhanced virus-scanning performance

Rationale

If you have installed Clamav, the open source virus scanner, either directly or inherently by having installed ClamXav (the easiest method for OS X users), further improvements can be made over the out-of-the-box setup to improve scanning performance by setting up the clamd daemon. This daemon offers significant performance gains over the basic clamscan command in return for eating ~40MB of system RAM whilst quiescent.

Resources

Procedure

  1. This page describes the procedure for Tiger (10.4) and above. If you're using Panther (10.3) go here instead.
  2. Edit clamd.conf. I've supplied a ready-tweaked version in Resources which you can download, rename from clamd.conf.txt to clamd.conf, then drop into /usr/local/ClamXav/etc/. If however you prefer to edit your existing file for yourself:
    • open /usr/local/ClamXav/etc/clamd.conf in a text editor, e.g. pico.
    • comment out any line that begins with the text "Example". Doing so enables clamd.
    • modify the DatabaseDirectory parameter to point to where your clamav virus database resides. On a standard ClamXav install this is /usr/local/clamXav/share/clamav.
    • I've tweaked some of the other settings from default in the sample file above, notably the location and quality of logging, but the above two steps is the minimum needed to get things working.
  3. Make clamd launch at boot time.
    • In Terminal, create a LaunchDaemons folder if it is not already there: mkdir /Library/LaunchDaemons
    • Download the LaunchItem file from Resources above, and put it in this folder.
  4. Configuration finished. Reboot your machine to test that it's worked. Once you've logged in, run Activity Monitor; so long as you see 'clamd' somewhere in the list then all is well.
  5. A final tweak. If you tend to leave your machine switched on for long periods of time and let it sleep overnight, periodically your system will download virus updates. clamd needs to be made aware of these updates, and the following procedure will make that happen.
    • open /usr/local/ClamXav/etc/freshclam.conf in a text editor.
    • add this line at the end of the file: NotifyClamd /usr/local/clamXav/etc/clamd.conf
    • save and close