[sanesecurity] Re: x86_64 users: possible malformed database problems

> +Sat Oct 24 15:06:50 CEST 2009 (acab)
> + * libclamav/mpool.c: increase max pool to 8M to allow loading huge
> custom dbs

Hm... this sounds *crazy* to me; heck, the pool should have some kind
of mechanism to allow reallocating it in case the size won't suffice
:( but
it doesn't sound like it's working this way :( worse, whenever ClamD is
reloading signatures or generating statistics it becomes deaf and dumb
so if you're trying to scan something you'll get errors or timeouts; I
don't
think this is a good thing; especially since we're dealing with an AV
scan
engine on which several apps rely (e.g. email servers and so on); see,
as I see it, whenever ClamD (e.g.) reloads the signatures it should use
a separate "pool" (a list or whatever) so that while loading the new
sigs,
the engine will still be ACTIVE and using the old ones for scanning;
once
the new sigs will be loaded/checked the AV should then hold a lock, then
SWAP the ptrs for the mem areas and release the lock; this would let the
AV scan to run even while sigs are updated, would reduce the "lock" to
a bare minimum and would at the same time avoid conflicts; pity it does
not seem like the current engine is working this way, so, if you issue a
reload command and have quite some "big" signature files, during the
reload, the scanner won't answer to requests ... oh well ... :P

Other related posts: