Re: [clamav-users] ClamAV Scan - Data Read vs Data Scanned

2020-11-01 Thread Al Varnell via clamav-users
The eicar test file is 68 bytes long which is .68 MB which rounded to two 
significant digits is 0.00 MB both scanned and read.

There are various limits, depending on file and archive types as to how much is 
read and/or scanned. In most cases they will be exactly the same.

-Al-

> On Nov 1, 2020, at 19:40, Ankur Sharma via clamav-users 
>  wrote:
> 
> Hi All,
> 
> I tried to scan an eicar test file and got the following scan output:
> 
> {'Scanning /tmp/bucket-file-upload/eicar_com.zip!ZIP': 'eicar.com 
> ', '/tmp/bucket-file-upload/eicar_com.zip': 
> 'Win.Test.EICAR_HDB-1 FOUND', '/tmp/bucket-file-upload/eicar_com.zip!(1)ZIP': 
> 'eicar.com : Win.Test.EICAR_HDB-1 FOUND', 'Known viruses': 
> '8931107', 'Engine version': '0.102.4', 'Scanned directories': '0', 'Scanned 
> files': '1', 'Infected files': '1', 'Data scanned': '0.00 MB', 'Data read': 
> '0.00 MB (ratio 0.00:1)', 'Time': '22.963 sec (0 m 22 s)'}
> 
> Though it correctly mentions that the 'Infected files' is '1'. It mentions 
> that data scanned and data read is 0.00 MB. Can someone please help me and 
> confirm what is Data read and Data scanned ? How are these different?
> 
> Thanks a lot for your time.
> 
> -- 
> regards
> Ankur



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[clamav-users] ClamAV Scan - Data Read vs Data Scanned

2020-11-01 Thread Ankur Sharma via clamav-users
Hi All,

I tried to scan an eicar test file and got the following scan output:

{'Scanning /tmp/bucket-file-upload/eicar_com.zip!ZIP': 'eicar.com',
'/tmp/bucket-file-upload/eicar_com.zip': 'Win.Test.EICAR_HDB-1 FOUND',
'/tmp/bucket-file-upload/eicar_com.zip!(1)ZIP': 'eicar.com:
Win.Test.EICAR_HDB-1 FOUND', 'Known viruses': '8931107', 'Engine version':
'0.102.4', 'Scanned directories': '0', 'Scanned files': '1', *'Infected
files': '1',* *'Data scanned': '0.00 MB', 'Data read': '0.00 MB (ratio
0.00:1)'*, 'Time': '22.963 sec (0 m 22 s)'}

Though it correctly mentions that the 'Infected files' is '1'. It mentions
that data scanned and data read is 0.00 MB. Can someone please help me and
confirm what is Data read and Data scanned ? How are these different?

Thanks a lot for your time.

-- 
regards
Ankur
+61481141085



Re: [clamav-users] clamd scan problem

2020-11-01 Thread G.W. Haywood via clamav-users

Hi there,


On Sat, 31 Oct 2020, Tsutomu Oyamada wrote:

> Scanning certain files will result in a memory error in clamd version 0.101.5.


In the context of virus scanning, one year old is very old indeed.

On Sat, 31 Oct 2020, G.W. Haywood wrote:


> That is rather an old version, released over a year ago.  There have
> been some significant changes since then.  You should upgrade.


See for example

https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html

--

On Sat, 31 Oct 2020, Tsutomu Oyamada wrote:


> The platform is AIX.  This behavior does not occur in CVD version
> 25904, but does occur in CVD version 25973.


On Sun, 1 Nov 2020, Tsutomu Oyamada wrote:


> The RAM size of my system is 4GB.


The amount of free RAM is what matters.  Yesterday I showed you how
much free RAM there is on my dedicated clamd server.  I doubt that you
are using your AIX system as a dedicated clamd server, so what else is
it doing and how much RAM does that leave free?


> I think it's not a system spec issue, it's a CVD issue.
> This is because an event occurred in the CVD update.


It may or may not be a signature issue, but it will be a lot easier to
troubleshoot if you are using the current version of ClamAV - which
you should be doing anyway, so that's the first thing you need to do.
As you will see if you read the release notes in the link I gave above,
even version 0.102 fixed many faults to be found in older versions.

The scan results which I showed you yesterday used the _same_ version
of the daily database with which you claim to be having trouble:

8<--
$ grep 2597[345] /var/log/clamav/freshclam.log
Fri Oct 30 15:55:54 2020 -> daily database available for update (local version: 25972, remote version: 25973)
Fri Oct 30 15:56:31 2020 -> daily.cld updated (version: 25973, sigs: 4337152, f-level: 63, builder: raynman)
Sat Oct 31 03:56:33 2020 -> daily.cld database is up to date (version: 25973, sigs: 4337152, f-level: 63, builder: raynman)
Sun Nov  1 03:58:58 2020 -> daily database available for update (local version: 25973, remote version: 25974)
Sun Nov  1 03:59:33 2020 -> daily.cld updated (version: 25974, sigs: 4337524, f-level: 63, builder: raynman)
8<--

As I said yesterday, scanning the same file here with a recent version
of ClamAV, using the same database, and plenty of free RAM, does not
appear to show the same issue.  In case the file was somehow corrupted
in transfer by email, in my post yesterday to you I gave the md5sum of
the file I scanned, which is

bc14659c084333c99bfcc728ef6744bd

so that you can check that we are indeed scanning the same thing.  I
also showed you how to check that your system has sufficient free RAM.

Do you have enough *free* RAM?

Does your problem still appear with the *current* version of ClamAV?

Are you sure that the problem appears on your AIX system but not our
Linux system, using the same ClamAV version, and the same database,
and with sufficient free RAM?

These questions need to be answered.  It's up to you to provide those
answers.  It _is_ possible that there is an issue with version 25973
of the daily database, these things do happen.  But I haven't seen it,
and if it were a problem affecting all ClamAV installations you could
reasonably expect that you would by now have seen many more enquiries
on this list about it.

I repeat my suggestions that you

(1) upgrade your version of ClamAV, from the one year old version 0.101
to the current version 0.103 (which you should have done already, even
if you did *not* have memory issues like this) and then

(2) if the problem persists and you are quite sure that you and I are
scanning the same file and that you have sufficient free RAM, so that
it can be investigated try to narrow it down to a single signature
which causes problems on your system.  That should be straightforward.

--

73,
Ged.
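
Added example, not part of the original message and not ClamAV project code: one way to carry out suggestion (2) once a database file has been unpacked to text signature lines (for instance with sigtool --unpack). It assumes that one signature alone triggers the failure and that clamscan reproduces the error seen with clamd; the function names are hypothetical.

```python
import hashlib
import os
import subprocess
import tempfile

POSTED_MD5 = "bc14659c084333c99bfcc728ef6744bd"  # md5sum quoted in the message above

def same_sample(path, expected=POSTED_MD5):
    """True if the local file has the md5sum posted on the list."""
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest() == expected

def clamscan_errors(sig_lines, sample, suffix=".ndb"):
    """Load only sig_lines and scan sample; clamscan exits with 2 on an error.
    Assumes clamscan is on PATH and all lines come from one database file type."""
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "subset" + suffix)
        with open(db, "w") as fh:
            fh.write("\n".join(sig_lines) + "\n")
        result = subprocess.run(["clamscan", "-d", db, sample],
                                capture_output=True)
        return result.returncode == 2

def bisect_signatures(sigs, fails):
    """Return the one signature that makes fails() true, or None when the
    failure does not reduce to a single signature."""
    if not sigs or not fails(sigs):
        return None
    while len(sigs) > 1:
        mid = len(sigs) // 2
        first, second = sigs[:mid], sigs[mid:]
        if fails(first):
            sigs = first
        elif fails(second):
            sigs = second
        else:
            return None  # only the combination of both halves fails
    return sigs[0]
```

On a real system the predicate would be `lambda subset: clamscan_errors(subset, sample_path)`, run only after `same_sample(sample_path)` confirms both sides are scanning the same file.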



Re: [clamav-users] clamd scan problem

2020-11-01 Thread Tsutomu Oyamada
Hi, Mark

Thank you for your reply.

The RAM size of my system is 4GB.

I think it's not a system spec issue, it's a CVD issue.
This is because an event occurred in the CVD update.

Regards
T.Oyamada

On Sat, 31 Oct 2020 14:10:29 +
Mark Fortescue via clamav-users  wrote:

> How much memory is available on your AIX system ?
> 
> Recommendations vary but I think the general rule will be you need 4GBytes or 
> more for any server that has to do more than just run Clamd. Anything less 
> than 2GBytes is going to be very slow or fail.


