SquidClamav v6.x tuning
With SquidClamav v6.x the way to tune your service is to tune c-icap server and clamd daemon. On heavy http acces, putting the clamd daemon on a dedicated server with mutilple CPU will really help.
If you experience Squid "ICAP protocol error" (with bypass enabled) please consider increasing the c-icap following parameters: StartServers, MaxServers, MinSpareThreads, MaxSpareThreads, ThreadsPerChild. Increase also in clamd.conf parameter: MaxThreads may help.
SquidClamav v5.x tuning
Trust your cache!
Begining with version 4.x squidclamav detect if the file to download is already stored in Squid cache. If you activate 'trust_cache' configuration option, squidclamav will not scan anymore a file coming from Squid cache as it may have already been scanned during the first download. This save some system load and improve speed a lot!
If trust_cache is disabled, no matter if the file is stored in the cache, squidclamav will rescan the same file at each client request. But if trust_cache is enabled squidclamav "think" this file has already been scanned and so it is delivered as is to the client without a new scan.
What's going on if a downloaded file contain a virus as it is now stored in the cache ? To prevent this squidclamav send a PURGE request to squid to remove this file from cache. This mean that you MUST edit your acl to allow localhost to send PURGE method.
Trusted cache feature will be automatically disabled if the squidclient command fail or the PURGE method is forbidden.
Increase the number of listening process
Most of the time if your cache is going slow this is because Squid have to wait a free redirector to send the incoming request. In this case you will see message about redirector queue length in the squid cache.log. To fix that edit your squid.conf file and increase the numbers of 'redirect_children' or 'url_rewrite_children' depending of your Squid version.
My proxy is still slow after that!
Verify that you don't have enabled debug in squidclamav.conf. The 'degug' directive must never be activate on a production server or it will look like and old 486 computer.
Do not scan xHTML images (gif, png, jpg, ico ) as sites now use a lot of them, see squidclamav.conf to abort image scanning. Text files can also be removed from scan for better performance.
If you set the maxsize limit to a high value, you may experience client timeout and Squid may be very slow depending of the Internet usage. Try to lower this value in squidclamav.conf and the 'StreamMaxLength' in clamd.conf
You also can try to move your clamd daemon on a dedicated server or upgrade your hardware.
Still very slow? Maybe you think you can virus scan a Gigabyte iso on the fly. SquidClamav is not the tool for that !
What hardware configuration should I use?
It really depends on the number of users and their Internet usage. With 1500+ users I use a bi Dual Core with 2 Gb of memory. Maxsize is set to 5 Mb and users can not download files bigger than 20Mb. With 4000+ users a bi Quad Core with 4Gb of memory may be enough.