Оффлайн
- Регистрация
- 9 Май 2015
- Сообщения
- 1,605
- Баллы
- 155
Hello, I'm Maneshwar. I'm working on currently building *one place for all dev tools, cheat codes, and TLDRs* — a free, open-source hub where developers can quickly find and use tools without any hassle of searching all over the internet.
Server admins often install ClamAV using the default package and immediately hit a wall:
clamscan eats RAM, the server freezes, and everything goes to hell.
The fix?
Stop using clamscan and switch to clamd + clamdscan with proper tuning.
This guide shows you exactly how to install, configure, and run ClamAV scans safely on a 4GB RAM machine.
Why Is a Problem on Low-RAM Servers
clamscan is the standalone command-line scanner.
Every time you run it:
This creates high CPU + heavy RAM spikes → a 4GB server suffers.
clamd is a persistent daemon:
You only start the daemon when you want to scan (e.g., nightly), and stop it afterward.
Perfect for low-RAM VPS.
1. Install ClamAV Daemon
sudo apt update
sudo apt install clamav-daemon
This gives you:
Edit:
/etc/clamav/clamd.conf
Use these settings:
ConcurrentDatabaseReload no
ExitOnOOM yes
MaxThreads 1
MaxQueue 2
ScanOnAccess no
#CompressLocalDatabase false
What these do:
These are safe defaults and keep RAM usage predictable.
3. Configure freshclam (Database Updater)
Edit:
/etc/clamav/freshclam.conf
Example (your actual config):
TestDatabases no
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
Checks 0
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
The main part here is Checks 0.
This means freshclam won't auto-update.
If you want ClamAV to update daily (recommended):
Change to:
Checks 1
This runs 1 updates per day.
4. Start clamd ONLY When You Need It
On a 4GB server, you should not run clamd constantly.
Disable:
sudo systemctl disable clamav-daemon
sudo systemctl stop clamav-daemon
Later, when scanning:
sudo systemctl start clamav-daemon
sleep 20 # wait for DB load
After scanning:
sudo systemctl stop clamav-daemon
5. Run Scan Using clamdscan (Not clamscan)
Use:
sudo clamdscan --multiscan --fdpass --move=/var/quarantine /
This runs MUCH faster than clamscan and uses less RAM.
6. Automating Nightly Scans
Cron example:
30 04 * * * sudo /bin/bash -lc "/home/ubuntu/crons/scan_and_audit.sh"
Your script should:
This avoids clamd running all day and eating RAM.
7. Expected RAM Usage
On a 4GB machine:
This is why starting/stopping clamd is perfect.
Conclusion
Running ClamAV on a 4GB server is totally safe if you use:
This setup avoids RAM spikes and gives you fast, efficient scanning on even the smallest VPS.
I’ve been building FreeDevTools.
A collection of UI/UX-focused tools crafted to simplify workflows, save time, and reduce friction in searching tools/materials.
Any feedback or contributors are welcome!
It’s online, open-source, and ready for anyone to use.
Check it out:
Star it on GitHub:
Server admins often install ClamAV using the default package and immediately hit a wall:
clamscan eats RAM, the server freezes, and everything goes to hell.
The fix?
Stop using clamscan and switch to clamd + clamdscan with proper tuning.
This guide shows you exactly how to install, configure, and run ClamAV scans safely on a 4GB RAM machine.
Why Is a Problem on Low-RAM Servers
clamscan is the standalone command-line scanner.
Every time you run it:
- It loads the ENTIRE virus database (600MB–900MB) into RAM
- It unloads it after the scan
- It does this again for each run
This creates high CPU + heavy RAM spikes → a 4GB server suffers.
clamd is a persistent daemon:
- Loads the virus database once
- Stays in memory
- clamdscan sends scan requests to the daemon
- Fast scanning
- Lower peak RAM usage
- No repeated DB loading
You only start the daemon when you want to scan (e.g., nightly), and stop it afterward.
Perfect for low-RAM VPS.
1. Install ClamAV Daemon
sudo apt update
sudo apt install clamav-daemon
This gives you:
- /usr/sbin/clamd
- /usr/bin/clamdscan
- A systemd service: clamav-daemon
Edit:
/etc/clamav/clamd.conf
Use these settings:
ConcurrentDatabaseReload no
ExitOnOOM yes
MaxThreads 1
MaxQueue 2
ScanOnAccess no
#CompressLocalDatabase false
What these do:
- MaxThreads 1 → prevents CPU/RAM spikes
- ExitOnOOM yes → daemon dies safely instead of killing your server
- ScanOnAccess no → disables real-time scanning (you don’t want this on 4GB)
- MaxQueue 2 → limits queued scan jobs (double of threads)
- ConcurrentDatabaseReload no → prevents expensive DB reloads
These are safe defaults and keep RAM usage predictable.
3. Configure freshclam (Database Updater)
Edit:
/etc/clamav/freshclam.conf
Example (your actual config):
TestDatabases no
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
Checks 0
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
The main part here is Checks 0.
This means freshclam won't auto-update.
If you want ClamAV to update daily (recommended):
Change to:
Checks 1
This runs 1 updates per day.
4. Start clamd ONLY When You Need It
On a 4GB server, you should not run clamd constantly.
Disable:
sudo systemctl disable clamav-daemon
sudo systemctl stop clamav-daemon
Later, when scanning:
sudo systemctl start clamav-daemon
sleep 20 # wait for DB load
After scanning:
sudo systemctl stop clamav-daemon
5. Run Scan Using clamdscan (Not clamscan)
Use:
sudo clamdscan --multiscan --fdpass --move=/var/quarantine /
- --multiscan = splits work
- --fdpass = lets clamd access protected files
- --move=/var/quarantine = moves infected files
This runs MUCH faster than clamscan and uses less RAM.
6. Automating Nightly Scans
Cron example:
30 04 * * * sudo /bin/bash -lc "/home/ubuntu/crons/scan_and_audit.sh"
Your script should:
- start clamd
- run clamdscan
- stop clamd
- log results
- notify (optional)
This avoids clamd running all day and eating RAM.
7. Expected RAM Usage
On a 4GB machine:
- clamd running: 800MB–1.1GB RAM
- clamd stopped: 0 RAM
- freshclam occasionally: 20–40MB
This is why starting/stopping clamd is perfect.
Conclusion
Running ClamAV on a 4GB server is totally safe if you use:
- clamd + clamdscan
- low-RAM configs
- scheduled scans
- on-access scanning disabled
- clamd started only when scanning
This setup avoids RAM spikes and gives you fast, efficient scanning on even the smallest VPS.
I’ve been building FreeDevTools.
A collection of UI/UX-focused tools crafted to simplify workflows, save time, and reduce friction in searching tools/materials.
Any feedback or contributors are welcome!
It’s online, open-source, and ready for anyone to use.
Check it out: Star it on GitHub: