We are using clamav .94 on solaris 10. We are having problems scanning large hqx files using clamscan. I define large as over 1 Gig. The error we are receiving is LibClamAV Error: cli_malloc(): Can't allocate memory (8 bytes).
The root cause is the server runs out of memory and then generates the error, but the process never ends and server is starved for memory. The same thing happens when running clamdscan where we direct the file to clamd. This does not happen when scanning large tar.gz or simple tar files. This is only happening with large hqx files. Smaller hqx files work fine. We are able to skip the files by limiting the size to scan using --max-filesize=, but then we will be skipping other large files that we would like to scan such as large zip files. We tried setting --max-scansize, but it does not seem to work in solaris 10. I tested the -max-scansize on a tar.gz file. Here is the size of compress file 242916 Oct 15 12:35 text.gz Here is the size of uncompressed file 4436290 Oct 15 12:35 text.gz /opt/clam/bin/clamscan -v /test/text.gz -i --tempdir=/tmp/clam/tmp --move=/tmp/clam/infected --max-files=1000 00 --max-filesize=999999 --max-scansize=999999 --max-recursion=25 --max-dir-recursion=50 /opt/clam/bin/clamscan -v /test/text.gz -i --tempdir=/tmp/clam/tmp --move=/tmp/clam/infected --max-files=1000 00 --max-filesize=4096m --max-scansize=4096m --max-recursion=25 --max-dir-recursion=50 Here is the summary I see when that indicates the entire file was scanned. ----------- SCAN SUMMARY ----------- Known viruses: 446121 Engine version: 0.94 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 4.46 MB Time: 4.420 sec (0 m 4 s) I also tried testing using the debug option. Not much additional information was provided. Most of the debug output involves reading the virus definition. Once the scan of the file occurs, there is the line indicating a file is larger than 400kb. Not quite sure where the 400kB came from. LibClamAV debug: * Submodule ENGINE: On LibClamAV debug: * Submodule ENTCONV: On Scanning /test/text.gz LibClamAV debug: Recognized GZip file LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_scanscript: exiting (file larger than 400 kB) LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Freeing phishcheck struct LibClamAV debug: Phishcheck cleaned up ----------- SCAN SUMMARY ----------- Known viruses: 446121 Engine version: 0.94 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 4.46 MB Time: 4.330 sec (0 m 4 s) Any recommendations on what to do next Brian _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
