[sanesecurity] Re: x86_64 users: possible malformed database problems

>> +Sat Oct 24 15:06:50 CEST 2009 (acab)
>> + * libclamav/mpool.c: increase max pool to 8M to allow loading huge
>> custom dbs
>
> Hm... this sounds *crazy* to me; heck, the pool should have some kind
> of mechanism to allow reallocating it in case the size won't suffice
> :( but
> it doesn't sound like it's working this way :( worse, whenever ClamD is
> reloading signatures or generating statistics it becomes deaf and dumb
> so if you're trying to scan something you'll get errors or timeouts; I
> don't
> think this is a good thing; especially since we're dealing with an AV
> scan
> engine on which several apps rely (e.g. email servers and so on); see,
> as I see it, whenever ClamD (e.g.) reloads the signatures it should use
> a separate "pool" (a list or whatever) so that while loading the new
> sigs,
> the engine will still be ACTIVE and using the old ones for scanning;
> once
> the new sigs will be loaded/checked the AV should then hold a lock, then
> SWAP the ptrs for the mem areas and release the lock; this would let the
> AV scan to run even while sigs are updated, would reduce the "lock" to
> a bare minimum and would at the same time avoid conflicts; pity it does
> not seem like the current engine is working this way, so, if you issue a
> reload command and have quite some "big" signature files, during the
> reload, the scanner won't answer to requests ... oh well ... :P

The ClamAV list would be a better place to post this, as no one on this
list has the ability to effect any changes to the ClamAV code.  Even
better might be to open a ClamAV bug report.

Bill

Other related posts: