[sanesecurity] Re: winnow_phish_complete is now invalid clamav db

  • From: Chuck Fisher <cfisher@xxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Sat, 24 Oct 2009 11:13:35 -0500

tonio@xxxxxxxxxxxxxx wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Mansour a écrit :

Hi Peter,


Done. Bugzilla number 1722.

Done. Problem still exists. Tested under CentOS 5.4 on x86_64 using
clamav version devel-20091023.


Thanks John,

Sounds like a x86_64 problem perhaps...

Cheers,

Steve
Sanesecurity


For the record, it's working fine on CentOS 5.4 x86_64 for me (Clamd
0.95.2).

Perhaps it's related to the number of sigs loaded - I only use the
relatively safe DBs.

Also curious whether those seeing problems have run memtest86+ or similar
to verify their hardware is OK???

I am seeing this problem:

Starting Clam AntiVirus Daemon: LibClamAV Error: mpool_malloc(): Attempt to
allocate 2097152 bytes. Please report to http://bugs.clamav.net
LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable
LibClamAV Error: cli_parse_add(): Problem adding signature (1).
LibClamAV Error: Problem parsing database at line 7728
LibClamAV Error: Can't load /var/clamav/spear.ndb: Malformed database
ERROR: Malformed database

on two DL380 G4's with 4 Gb of HP ECC Registered RAM. One of them has

issues

with spear.ndb while the other has issues with scam.ndb. Extremely unlikely
it's a physical hardware RAM problem.

Other DL360's (less than G4's) also with HP ECC Registered RAM have no
problems, yet they are a mix of 2Gb and 4Gb mail servers.

The difference being, the DL380 G4's are 64bit Linux while the DL360's are
32bit Linux. So the ClamAV they're running are 64bit for the 64bit

Linux and

32bit for the 32bit Linux.

I use Dag's RPM's for ClamAV/clamd.

A good test would be to install the 32bit ClamAV/clamd onto the 64bit Linux
and see if the problem persists.

I can't do this on production servers though.

Michael.


Peter

------- End of Original Message -------





Sat Oct 24 15:06:50 CEST 2009 (acab)
- ------------------------------------
 * libclamav/mpool.c: increase max pool to 8M to allow loading huge
custom dbs

i've tested on 2 64 bits servers running all signatures and it's ok now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrjDeYACgkQ8FtMlUNHQIM6mQCbBgvzcsLkytG13iufz/zNoL28
4RwAoLr5/X0LgkXU7dJSd8PvHg9t9+XJ
=59cq
-----END PGP SIGNATURE-----



!DSPAM:4ae30e1726171804284693!
Sorry if this is a stupid question. But I'm not sure what you mean by "seems to be fixed in ebf10d4af3a7052e37d8048b220ff73d7ed0a32e:" 
Is that a development or patch to Clam?

I've been hanging back watching the different mailing lists I subscribed to.
But my problem, while I think it's the same issue, differs in that it's junk.ndb my Clam reports as corrupt when it's trying to load all the databases I use at the same time. But if junk.ndb is the only one used, it's fine.
My system is CentOS X86_64 with 8 Gig's of memory and ClamAV 0.95.2-exp (currently). The problem my system has with junk.ndb started at the same time this thread started about winnow_phish_complete. Even though I've added spearl.ndb & scamnailer.ndb with no problems. 

Thanks.

Other related posts:

  1. Home
  2. sanesecurity
  3. Archive
  4. 10-2009