Hi guys. I'm running ISPConfig 3.3.0p2 on a system that is running Webserver, DNS-Server, Fileserver, DB-Server. Postfix is installed for basic purposes but there is no mail server on this system. As others have experienced, there are times when the system comes up and ClamAV kills it with heavy CPU/Memory until it catches up. This system has 2 CPUs, 4GB RAM, and I recently removed the swap drive.
I don't feel a strong need to keep ClamAV on this system. I'm OK with disabling or removing it. What are preferred options?
1. Remove ClamAV entirely.
2. Disable/mask the services and just ignore them. Nothing depends on them.
3. Disable clamd and clamonacc and run clamscan with nice+ionice, on a schedule and only on website upload folders.
I ask here because I'm not sure if these actions have any effect on ISPConfig or if I need to remove it through ISPConfig setup. I just don't want to break anything. For example, if the ISPConfig log menu option doesn't see ClamAV logs, I don't want it to show errors or die. Or if there is some database setting for these services then I don't want to do anything at the CLI. And maybe the team is working on a new ClamAV management page that will help to fine-tune these settings. I dunno, gotta ask. Thanks!
High load from ClamAV is typically a misconfiguration; it happens when ClamD fails, and ClamAV falls back to using Clamscan. Which basically means it starts ClamAV for each incoming email instead of using the ClamAV daemon. So instead of considering removing it, I would check if it's actually using ClamD or if it's using clamscan. You should be able to see it in the process list when high load occurs. Do you see clamscan or clamd/clamdscan processes? Besides that: I won't remove the swap. If you can't have a swap drive anymore, use a swap file.
Thanks as always, Till. The system has been running clamd, not clamDscan or clamscan. It was originally installed when this system was providing mail services, but those services have been removed. While doing other disk maintenance I did remove a swap drive which was only there for ClamAV. Memory cap was set at MemoryHigh=700M and MemoryMax=800M. Clam signatures weigh in at over 730MB. So throttling here is expected. The clamd process got stuck in D state (uninterruptible sleep), waiting on disk I/O while it was loading signatures - not scanning. Other processes like jbd2 were hung up behind it. The issue wasn't with freshclam, signatures are current. The issue is with clamd loading the signatures and holding .7GB of 4GB RAM. After stopping the daemon, I/O wait drops to near zero and CPU goes idle. The performance issue is understandable. I'm not trying to address that as a problem.
I understand what you're saying about Clamscan starting for every email if ClamD fails. As noted, this system isn't running mail services, relay, attachment processing, or any service for which policy requires malware scanning - so there's nothing for ClamAV to do. Clamscan is not being used (to my knowledge unless there's something in ISPConfig that runs it?). If we later set up clamdscan/clamscan to check uploaded files, and that needs swap, OK, I'll put swap back, increase limits, and maybe add more RAM.
For our purposes: I don't know:
1. If we disable or remove ClamAV with ISPConfig, like by rerunning setup or with a dbispconfig update?
2. If there are consequences with ISPConfig after disabling, or removing all Clam resources from the CLI?
3. If Clam isn't generating logs, do we need to `touch` log files so that the ClamAV Log menu option doesn't throw an error?
4. If a planned update to ISPConfig includes ClamAV management, like jailkit integration in websites, maybe for scheduling specific folders for scanning?
ISPConfig setup is very meticulous, especially for mail with Postfix, Dovecot, Clam, Amavis, Rspamd, etc. There's a lot of information about how to make features work, not so much on how to take features out. It may seem silly to someone who knows the code intimately that I ask about how to disable or remove a component, or the consequences for doing so. But it's necessary to ask, irresponsible for us to take action, until there is documentation for this. Thanks for your patience.
You say ClamAV kills your system because it causes a heavy load, but ISPConfig uses ClamAV for email scanning only. If this is not an email system, then no emails get scanned, and ClamAV cannot cause a heavy load from the ISPConfig setup. So either you manually run ClamAV and this causes a heavy load, or your load problem is not from ClamAV. Anyways, if your system does not send or receive emails, then you can just uninstall ClamAV.
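The process-list check suggested in the thread (clamd versus clamscan), extended to flag the D state and resident memory mentioned in the follow-up, written as an added example that is not part of any post and not ISPConfig code. The function name `clam_mode` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Classify ClamAV activity from `ps -eo pid,stat,rss,comm` output on stdin.
# Live use:  ps -eo pid,stat,rss,comm | clam_mode
clam_mode() {
    awk '
        NR == 1 && $1 == "PID" { next }   # skip the ps header line
        $4 == "clamd"    { daemon++ }     # resident daemon, signatures loaded once
        $4 == "clamscan" { scan++ }       # standalone scanner, loads signatures per run
        $4 ~ /^clam/ {
            rss += $3                     # RSS is reported in KiB
            if ($2 ~ /^D/) dstate++       # uninterruptible sleep, blocked on I/O
        }
        END {
            if (scan > 0)        mode = "clamscan-fallback"
            else if (daemon > 0) mode = "clamd"
            else                 mode = "none"
            printf "%s scan=%d dstate=%d rss_mib=%d\n",
                   mode, scan + 0, dstate + 0, int(rss / 1024)
        }
    '
}

# Constructed sample: clamd stuck in D state while loading signatures.
sample_clamd() {
cat <<'EOF'
  PID STAT   RSS COMMAND
  812 Ssl  20480 named
 1044 Dsl 747520 clamd
 1090 Ss   10240 freshclam
EOF
}

# Constructed sample: the per-message clamscan fallback described in the reply.
sample_fallback() {
cat <<'EOF'
  PID STAT   RSS COMMAND
 2001 R   512000 clamscan
 2002 R   512000 clamscan
 2003 S     2048 amavisd
EOF
}

sample_clamd | clam_mode
sample_fallback | clam_mode
```

Capture the listing while the load is actually high; a result of `none` at that moment points away from ClamAV as the cause.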