[sanesecurity] Re: winnow_phish_complete is now invalid clamav db

From: "tonio@xxxxxxxxxxxxxx" <tonio@xxxxxxxxxxxxxx>
To: sanesecurity@xxxxxxxxxxxxx
Date: Fri, 23 Oct 2009 18:04:54 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tonio a écrit :
> Quoting Gerard <gerard@xxxxxxxxxxxxx>:
>
>> On Fri, 23 Oct 2009 13:05:38 +0200 tonio@xxxxxxxxxxxxxx
>> <tonio@xxxxxxxxxxxxxx> replied:
>>
>> [snip]
>>
>>> i've compile devel version : ClamAV
>>> devel-r5076-315-g6e246c1/9930/Fri Oct 23 04:00:24 2009
>>>
>>> it's appears to be even worse. I've deleted all signature
>>> directory and restart from fresh ones. Clamd lods well with
>>> main.cvd as usual
>>>
>>> but with other signature here the output:
>>>
>>> clamd LibClamAV Error: mpool_malloc(): Attempt to allocate
>>> 1048576 bytes. Please report to http://bugs.clamav.net
>>> LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable
>>> LibClamAV Error: cli_parse_add(): Problem adding signature (3).
>>>  LibClamAV Error: Problem parsing database at line 83031
>>> LibClamAV Error: Can't load
>>> /var/lib/clamav/INetMsg-SpamDomains-2m.ndb: Malformed database
>>> ERROR: Malformed database mx1:/var/lib/clamav# rm
>>> INetMsg-SpamDomains-2m.ndb
>>>
>>> mx1:/var/lib/clamav# clamd LibClamAV Error: mpool_malloc():
>>> Attempt to allocate 1048576 bytes. Please report to
>>> http://bugs.clamav.net LibClamAV Error: cli_ac_addpatt: Can't
>>> realloc ac_pattable LibClamAV Error: cli_parse_add(): Problem
>>> adding signature (3). LibClamAV Error: Problem parsing database
>>> at line 4148 LibClamAV Error: Can't load
>>> /var/lib/clamav/scam.ndb: Malformed database
>>> mx1:/var/lib/clamav#  rm scam.ndb
>>>
>>> mx1:/var/lib/clamav# clamd LibClamAV Error: mpool_malloc():
>>> Attempt to allocate 1048576 bytes. Please report to
>>> http://bugs.clamav.net LibClamAV Error: cli_ac_addpatt: Can't
>>> realloc ac_pattable LibClamAV Error: cli_parse_add(): Problem
>>> adding signature (1). LibClamAV Error: Problem parsing database
>>> at line 275 LibClamAV Error: Can't load
>>> /var/lib/clamav/spear.ndb: Malformed database ERROR: Malformed
>>> database mx1:/var/lib/clamav# rm spear.ndb
>>>
>>> mx1:/var/lib/clamav# clamd LibClamAV Error: mpool_malloc():
>>> Attempt to allocate 1048576 bytes. Please report to
>>> http://bugs.clamav.net LibClamAV Error: cli_ac_addpatt: Can't
>>> realloc ac_pattable LibClamAV Error: cli_parse_add(): Problem
>>> adding signature (3). LibClamAV Error: Problem parsing database
>>> at line 792 LibClamAV Error: Can't load
>>> /var/lib/clamav/winnow_phish_complete.ndb: Malformed database
>>> ERROR: Malformed database mx1:/var/lib/clamav# rm
>>> winnow_phish_complete.ndb mx1:/var/lib/clamav# clamd
>>>
>>> clamd finally start but if i've stop and restart, it will
>>> complain in the same way about other sigs
>>
>> 1) Insure that you have the current version installed and that it
>>  is in fact the one being run. You might have multiple versions
>> available.
>
> already done.
>
>>
>> 2) Please print you OS and version, memory, CPU, etc.
>
> see below
>>
>> 3) Depending on your OS, you might be able to use 'meminfo' to
>> determine you free memory. Different systems use different
>> methods.
>>
>> -- Gerard gerard@xxxxxxxxxxxxx
>>
>> |::::======= |::::======= |=========== |=========== |
>>
>> I have that old biological urge, I have that old irresistible
>> surge, I'm hungry.
>>
>>
>>
>
>
> cat /proc/meminfo MemTotal:        3980732 kB MemFree:
> 796620 kB Buffers:           64800 kB Cached:           609052 kB
> SwapCached:       320904 kB Active:          2084928 kB Inactive:
> 958232 kB Active(anon):    1614448 kB Inactive(anon):   787092 kB
> Active(file):     470480 kB Inactive(file):   171140 kB
> Unevictable:           0 kB Mlocked:               0 kB SwapTotal:
> 12289640 kB SwapFree:       11633700 kB Dirty:                40 kB
>  Writeback:             0 kB AnonPages:       2211408 kB Mapped:
> 22912 kB Slab:              93876 kB SReclaimable:      68856 kB
> SUnreclaim:        25020 kB PageTables:        24080 kB
> NFS_Unstable:          0 kB Bounce:                0 kB
> WritebackTmp:          0 kB CommitLimit:    14280004 kB
> Committed_AS:    4917460 kB VmallocTotal:   34359738367 kB
> VmallocUsed:       39140 kB VmallocChunk:   34359682407 kB
> DirectMap4k:        4096 kB DirectMap2M:     4179968 kB
>
>
>
> cat /proc/cpuinfo processor       : 0 vendor_id       :
> GenuineIntel cpu family      : 6 model           : 23 model name
> : Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz stepping        :
> 6 cpu MHz         : 2997.000 cache size      : 6144 KB physical id
> : 0 siblings        : 2 core id         : 0 cpu cores       : 2
> apicid          : 0 initial apicid  : 0 fpu             : yes
> fpu_exception   : yes cpuid level     : 10 wp              : yes
> flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr
> pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
> pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni
> dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1
> lahf_lm tpr_shadow vnmi flexpriority bogomips        : 5999.39
> clflush size    : 64 cache_alignment : 64 address sizes   : 36 bits
> physical, 48 bits virtual power management:
>
> processor       : 1 vendor_id       : GenuineIntel cpu family
> : 6 model           : 23 model name      : Intel(R) Core(TM)2 Duo
> CPU     E8400  @ 3.00GHz stepping        : 6 cpu MHz         :
> 2997.000 cache size      : 6144 KB physical id     : 0 siblings
> : 2 core id         : 1 cpu cores       : 2 apicid          : 1
> initial apicid  : 1 fpu             : yes fpu_exception   : yes
> cpuid level     : 10 wp              : yes flags           : fpu
> vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36
> clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm
> constant_tsc arch_perfmon pebs bts rep_good pni dtes64 monitor
> ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 lahf_lm
> tpr_shadow vnmi flexpriority bogomips        : 5999.79 clflush size
> : 64 cache_alignment : 64 address sizes   : 36 bits physical, 48
> bits virtual power management:
>
>
>
> Linux mx1.eole-its.com 2.6.28.4-xxxx-std-ipv4-64 #2 SMP Wed Feb 18
> 16:34:21 UTC 2009 x86_64 GNU/Linux
>
> debian testing
>
>
>
i've notice this problem only occurs on 64 bits platform.
All my 32 bit servers work fine with all signatures.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrh1CYACgkQ8FtMlUNHQINzIgCguworx/NRxOiCEEJGfX7jYXLn
cBcAn04O2V037DY8cw4bevnxHer2ZQa6
=VeTg
-----END PGP SIGNATURE-----

Follow-Ups:

[sanesecurity] Re: winnow_phish_complete is now invalid clamav db
From: John Horne

References:
- [sanesecurity] winnow_phish_complete is now invalid clamav db
  - From: Benny Pedersen
- [sanesecurity] Re: winnow_phish_complete is now invalid clamav db
  - From: John Horne
- [sanesecurity] Re: winnow_phish_complete is now invalid clamav db
  - From: Steve Basford
- [sanesecurity] Re: winnow_phish_complete is now invalid clamav db
  - From: tonio@xxxxxxxxxxxxxx
- [sanesecurity] Re: winnow_phish_complete is now invalid clamav db
  - From: Gerard
- [sanesecurity] Re: winnow_phish_complete is now invalid clamav db
  - From: tonio

[sanesecurity] Re: winnow_phish_complete is now invalid clamav db

Other related posts: