Under what circumstances can we safely disable ClamAV – the ubiquitous antivirus on a Linux server? I recently migrated my site WP-Tweaks to a NameHero “Managed Cloud” VPS. The increased dedicated resources make my site hum along nicely – operations that used to take a long time were near-instantaneous. I’ve often found myself randomly opening my WordPress dashboard just to enjoy seeing it load almost immediately – I’m so used to waiting! However, with so much power comes a responsibility to look after the health of your server.
ClamAV Antivirus Hogging System Memory
Part of this means keeping an eye on system resources, and after the NameHero admin team set up my VPS, I went around kicking the tires of the new InterWorx dashboard and came to a section on “System Graphs”. Here I was able to monitor the various resources of my server – CPU, connections, processes, and more. And to my surprise, there wasn’t as much free memory as I’d expected. It was around 80% full. With 2 GB of RAM, I wondered what was taking up so much space.
So I ran the following command on the SSH terminal to see what was up:
ps -o pid,user,%mem,command ax | sort -b -k3 -r
This Linux command gives you a list of all processes sorted by how much memory they consume, in descending order. Very useful to see which ones are hogging memory!
To my surprise, 42% of the available memory was being used by a service called “clamav”. Upon a little digging, I found that ClamAV is the “de facto” antivirus software installed on Linux servers. The reason it uses up such huge amounts of memory is that it keeps the virus signatures in active RAM, so scanning is fast.
But with 2 GB of RAM quickly getting eaten up ClamAV, I felt I needed to do something.
ClamAV is Mostly Used for E-mail Scanning
Based on my research, I found that the primary purpose of ClamAV is to scan incoming e-mail attachments. The consensus appears to be that the real target of Linux antivirus systems is Windows users who might be vulnerable to malicious e-mail attachments. As a result, Linux servers need to constantly run antivirus software to keep those who receive mail safe and sound.
But I barely use my server for e-mail at all.
Disabling E-mail on the Server
E-mail is one of those messy server functions that I feel is best handled by a 3rd party. There are too many issues to deal with, and spam and viruses are a huge part of that. Not to mention problems like storage, efficient mail delivery, and more. In fact, I’d like to turn off e-mail handling by my server entirely.
So I went to my VPS’s dashboard and systematically disabled all incoming e-mail functionality. I retained the outgoing capability since it’s useful for receiving server notifications. But with nothing coming in, I don’t need to worry about virus attachments and the like.
In my post on e-mail marketing mistakes,
Disabling ClamAV After Disabling Incoming E-mail
Once I’d made sure that I couldn’t receive email from anyone, I went ahead and disabled ClamAV from the InterWorx dashboard:
I also ensure that it couldn’t run on startup:
Once that was done, I then rechecked my system resources graph to see whether it had made a difference. And it had!
My system’s free memory went from being almost nothing to more than half. And that’s just the way I like it. I suggest everyone tries a similar solution. Find a 3rd party to deliver and accept e-mails on your behalf, and don’t burden your server with the cumbersome antivirus scanning that takes up so much space!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Leave a Reply