Configuring ClamAV for enhanced performance (Panther, OS X 10.3)

Rationale

If you have installed ClamAV, the open source virus scanner, either directly or indirectly by installing ClamXav (the easiest method for OS X users), you can improve scanning performance over the out-of-the-box setup by setting up the clamd daemon. This daemon offers significant performance gains over the basic clamscan command, in return for eating ~40MB of system RAM whilst quiescent.

Resources

Procedure

  1. Edit clamd.conf. I've supplied a ready-tweaked version in Resources which you can download, rename from clamd.conf.txt to clamd.conf, then drop into /usr/local/ClamXav/etc/. If however you prefer to edit your existing file for yourself:
    • open /usr/local/ClamXav/etc/clamd.conf in a text editor, e.g. pico.
    • comment out any line that begins with the text "Example". Doing so enables clamd.
    • modify the DatabaseDirectory parameter to point to where your clamav virus database resides. On a standard ClamXav install this is /usr/local/clamXav/share/clamav.
    • I've tweaked some of the other settings from default in the sample file above, notably the location and quality of logging, but the above two steps are the minimum needed to get things working.
  2. Make clamd launch at boot time.
    • On Tiger and above you'd use launchd to do this, but I'm using Panther so I've had to compose a StartupItem.
    • In Terminal, create a clamd StartupItem folder: mkdir /Library/StartupItems/clamd
    • Download the two StartupItem files from Resources above, and put them in your new folder.
    • Make the clamd file executable by issuing this command in your Terminal window: chmod a+x /Library/StartupItems/clamd/clamd
    • In Terminal, edit /etc/hostconfig as root (I use sudo pico /etc/hostconfig) and add the line CLAMD=-YES- at the bottom. Save and exit.
  3. Configuration finished. Reboot your machine and keep an eye on the messages that are output before the login window is displayed; if all is well you'll see 'Starting clamd' at some point, though it might zip past too quickly to be noticed. Once you've logged in, run Activity Monitor; so long as you see 'clamd' somewhere in the list then all is well.
  4. A final tweak. If you tend to leave your machine switched on for long periods of time and let it sleep overnight, periodically your system will download virus updates. clamd needs to be made aware of these updates, and the following procedure will make that happen.
    • open /usr/local/ClamXav/etc/freshclam.conf in a text editor.
    • add this line at the end of the file: NotifyClamd /usr/local/clamXav/etc/clamd.conf
    • save and close
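
A quick way to confirm the edits from steps 1 and 4 before rebooting, as an added example that is not part of the original page or of ClamAV/ClamXav. The function names conf_value and check_clamd_setup are hypothetical; the file comparison uses the shell's -ef test so that differently-cased spellings of the same path on a case-insensitive volume still match.

```shell
#!/bin/sh
# Added example: sanity-check clamd.conf and freshclam.conf after editing.
# Usage: sh check_clamd.sh /usr/local/ClamXav/etc/clamd.conf \
#                          /usr/local/ClamXav/etc/freshclam.conf

# Print the value of the first active (uncommented) occurrence of a directive.
conf_value() {  # conf_value FILE DIRECTIVE
    awk -v key="$2" '$1 == key {
        sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the directive name
        sub(/[ \t]+$/, "")                # drop trailing whitespace
        print; exit
    }' "$1"
}

check_clamd_setup() {  # check_clamd_setup CLAMD_CONF FRESHCLAM_CONF
    clamd_conf=$1 fresh_conf=$2 rc=0

    # Step 1: every line beginning with "Example" must be commented out.
    if grep -Eq '^[[:space:]]*Example' "$clamd_conf"; then
        echo "FAIL: 'Example' line still active in $clamd_conf"; rc=1
    fi

    # Step 1: DatabaseDirectory must be set and must point at a real directory.
    dbdir=$(conf_value "$clamd_conf" DatabaseDirectory)
    if [ -z "$dbdir" ]; then
        echo "FAIL: DatabaseDirectory not set in $clamd_conf"; rc=1
    elif [ ! -d "$dbdir" ]; then
        echo "FAIL: DatabaseDirectory $dbdir does not exist"; rc=1
    fi

    # Step 4: NotifyClamd must name the same clamd.conf that clamd reads.
    notify=$(conf_value "$fresh_conf" NotifyClamd)
    if [ ! "$notify" -ef "$clamd_conf" ]; then
        echo "FAIL: NotifyClamd is '${notify:-unset}', expected $clamd_conf"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: clamd and freshclam configuration are consistent"
    return "$rc"
}

# Run the check only when both file paths are supplied on the command line.
if [ "$#" -eq 2 ]; then
    check_clamd_setup "$1" "$2"
fi
```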