Hi All,Some users (mainly x86_64 so far) noticed database errors (malformed database) when loading signatures.
As signature integrity is checked before upload to the mirrors and the download scripts check integrity before use, this issue should not arise.
With help from various people on the Sanesecurity list, the problem was narrowed down to users on x86_64 os versions eg: CentOS 5.4 on x86_64, who were using nearly all the available Third Party databases.
The typical errors were: LibClamAV Error: mpool_malloc(): Attempt to allocate 2097152 bytes. Please report to http://bugs.clamav.net LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable LibClamAV Error: cli_parse_add(): Thanks to the ClamAV team, the bug was fixed in the clamav-devel version: clamav-devel: +Sat Oct 24 15:06:50 CEST 2009 (acab)+ * libclamav/mpool.c: increase max pool to 8M to allow loading huge custom dbs
I realise that people may not be able to move to the devel version in production environments, so the only work-around is to try and limit the number of databases that you are using....
for example: Largest size signature databases: 25/10/2009 15:53 2,526,656 jurlbl.ndb 24/10/2009 16:53 3,082,316 junk.ndb 25/10/2009 15:38 3,327,576 INetMsg-SpamDomains-2w.ndb 25/10/2009 15:29 3,886,074 scamnailer.ndb 25/10/2009 15:53 6,967,926 jurlbla.ndb 28/08/2009 12:10 9,393,566 securiteinfo.hdb 25/10/2009 15:47 12,645,831 INetMsg-SpamDomains-2m.ndb As a reminder if you are using InetMsg signatures, you need to select:*either* INetMsg-SpamDomains-2w.ndb *or* INetMsg-SpamDomains-2m.ndb *not* both to save a bit of memory.
Hopefully once the devel version bugfix makes it's way into the stable version, this problem should go away.
Sorry for any problems this has caused. Cheers, Steve Sanesecurity