Hi All,
Some users (mainly x86_64 so far) noticed database errors (malformed
database) when loading signatures.
As signature integrity is checked before upload to the mirrors and the
download scripts check integrity before use, this issue should not arise.
With help from various people on the Sanesecurity list, the problem was
narrowed down to users on x86_64 os versions eg: CentOS 5.4 on x86_64,
who were using nearly all the available Third Party databases.
The typical errors were:
LibClamAV Error: mpool_malloc(): Attempt to allocate 2097152 bytes.
Please report to http://bugs.clamav.net
LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable
LibClamAV Error: cli_parse_add():
Thanks to the ClamAV team, the bug was fixed in the clamav-devel version:
clamav-devel:
+Sat Oct 24 15:06:50 CEST 2009 (acab)
+ * libclamav/mpool.c: increase max pool to 8M to allow loading huge
custom dbs
I realise that people may not be able to move to the devel version in
production environments, so the only work-around is to try and limit the
number of databases that you are using....
for example:
Largest size signature databases:
25/10/2009 15:53 2,526,656 jurlbl.ndb
24/10/2009 16:53 3,082,316 junk.ndb
25/10/2009 15:38 3,327,576 INetMsg-SpamDomains-2w.ndb
25/10/2009 15:29 3,886,074 scamnailer.ndb
25/10/2009 15:53 6,967,926 jurlbla.ndb
28/08/2009 12:10 9,393,566 securiteinfo.hdb
25/10/2009 15:47 12,645,831 INetMsg-SpamDomains-2m.ndb
As a reminder if you are using InetMsg signatures, you need to select:
*either* INetMsg-SpamDomains-2w.ndb *or* INetMsg-SpamDomains-2m.ndb
*not* both to save a bit of memory.
Hopefully once the devel version bugfix makes it's way into the stable
version, this problem should go away.
Sorry for any problems this has caused.
Cheers,
Steve
Sanesecurity
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
