Since spring 2007 startup time for clamscan jumped from less than a second to over a minute. Thus with current spam rate no live system will be able to run with this recipe successfully. This could be mitigated by running clamdscan instead of clamscan. But then you need to have the clamd running in the background - which runs against the very idea of an on-demand-only scanning.
So this article is kept for historical reasons. For a better but still (moderately) low-impcat system nowadays use some small wrapper like ClamSMTP. Perl-based systems like Amavis, Spamassassin or like need more memory and performance.
Unfortunately that setup will permanently cost you some 20-40MB of memory, which is preciously low if you're being hosted on a shared server environment like User-mode Linux. Try to run Apache and MySQL alongside, and you'll encounter resource problems.
One way to mitigate these problems is to run ClamScan each time a mail gets delivered instead permanently. If no mail is being delivered, there is no AV software in memory, leaving it free for an occasional peak in LAMP usage.
A clean approach (again using Postfix) with one single, central config is to use ENSITA/clamfilter (beware: there are two programs called CLAMFILTER) configured to call clamscan instead of clamdscan. The single problem is that it could try to run multiple instances of the virus scanner when delivering multiple mails simultaneoursly - and thus might run into ressource problems.
The solution described here works for basically any MTD/MDA and limits the number of simultaneous scans to 1, further reducing the probability of memory exhaustion.
|Ergo: do use this recipe only if you are really low on memory and you do not have many users getting mail.|
To preserve even more memory, don't run FreshClam as daemon (~900k), but from cron. For this
# /etc/cron.d/clamav-freshclam # freshen signatures every 4 hours 23 0,4,8,12,16,20 * * * clamav /etc/init.d/clamav-freshclam no-daemon