Tony Check yous files: For example clamscan --quiet --database=/path/to/winnow_phish_complete.ndb some_test_fileIf these pass (Mine do) which I expect then you probably have a memory allocation issue and eed to open a bug report.
Tom At 12:44 PM +0200 10/23/09, tonio@xxxxxxxxxxxxxx wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerard a écrit :On Fri, 23 Oct 2009 11:46:03 +0200 tonio@xxxxxxxxxxxxxx <tonio@xxxxxxxxxxxxxx> replied:Steve Basford a écrit :Hi All, I'm pleased to announce two new signatures databases: New Database 1: Database name: spearl.ndb Description: phishing_links is a list of generic forms used for e-mail account phishing Provider: APER Risk of FP's: low Website: http://code DOT google DOT com/p/anti-phishing-email-reply/ New Database 2: Database name: scamnailer.ndb Note: this database may use more cpu resources, due to extensive use of conditional signatures Description: This uses far more than just the well-known list of phishing email addresses published on SourceForge. It also uses a very large list of addresses, which have been discovered and manually checked by a large and very well known corporation on the web, which you will definitely have heard of Provider: Julian Field/Tony Finch Risk of FP's: medium Website: www DOT scamnailer DOT info New scripts will no doubt be available soon to take advantage of these two new databases (unless you edit them yourself) In other news: a) Tweaks have been made to spear.ndb file to improve the detection rates. b) Lots of generic signatures to help block spear phishing have been added to phish.ndb (generally Sanesecurity.Phishing.Fake's) Cheers, Steve Sanesecurityhi i've the same problem with scamnailer.ndb as lately with signature MSRBL-SPAM and winnow_phish_complete (see previous thread): ClamAV update process started at Fri Oct 23 11:42:43 2009 main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven) daily.cld is up to date (version: 9930, sigs: 92347, f-level: 43, builder: guitar) LibClamAV Error: mpool_malloc(): Attempt to allocate 2097152 bytes. Please report to http://bugs.clamav.net LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable LibClamAV Error: cli_parse_add(): Problem adding signature (3). LibClamAV Error: Problem parsing database at line 2880 LibClamAV Error: Can't load /var/lib/clamav/scamnailer.ndb: Malformed database ERROR: Malformed database Clamav 0.95.2I am not sure how the script you are using works; however, you could try this. 1) Locate the offending signature file(s) A) Check if copies of the original downloaded files are still there 2) Delete them 3) Restart clamav 4) See if any errors are reported 5) Run you script with full logging if possible 6) Check the clamav log to see if the files were correctly loaded.already done. if i delete offendig file, clamd starting ok. i'm using bill landry' script version 3.5 i've also tried to manually donwload signature file from original source: wget http://www.mailscanner.eu/scamnailer.ndb same error when i restart clamd: LibClamAV Error: mpool_malloc(): Attempt to allocate 2097152 bytes. Please report to http://bugs.clamav.net LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable LibClamAV Error: cli_parse_add(): Problem adding signature (3). LibClamAV Error: Problem parsing database at line 1871 LibClamAV Error: Can't load /var/lib/clamav/scamnailer.ndb: Malformed database ERROR: Malformed database -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkrhiRMACgkQ8FtMlUNHQIO6IACffrKPodSXtlLDpoQohTTAq4xH pK8AoKnYyNy62XtTPbTbO7IPLMPqzh7I =fn8a -----END PGP SIGNATURE-----