Hello everyone,
I would like to consult with you regarding an error that I have
encountered while scanning with ClamAV 1.0.7 on AIX 7.3, particularly
with clamd, which is not something I have encountered often.
On multiple AIX servers that I support for management, an occurrence
happened where, at almost the same time when files were scanned by
clamd, all the scans recorded a "Can't allocate memory ERROR" and failed
as follows:
Fri Jun 27 18:24:10 2025 -> /opt/app/bin: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/bin/a.out: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/bin/check.sh: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/bin/data01: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/bin/upd.sh: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/contrib/.subsystem: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/contrib/user.conf: Can't allocate memory ERROR
I remember that in former versions of ClamAV, similar errors occurred
with certain file formats.
Also, I have encountered situations where clamd failed to start in a
memory-constrained environment or shut down during scanning several times.
However, in this environment, the server has 32GB of memory, and about
10GB of free memory is secured according to svmon.
The scan targets include simple text files of just a few KB as well as
program files of several MB, but they do not include archives or large
files.
The same "Can't allocate memory ERROR" has occurred for all files that
were scanned, without exception.
I am not well-versed in the internal structure of clamd, but I
understand that clamd operates in a multi-threaded manner during object
scanning (it launches new threads and assigns them to scanning), so I
checked the ulimit settings for AIX threads and processes, as well as
memory.
ulimit -a
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 4194304
memory(kbytes) unlimited
coredump(blocks) 2097151
nofiles(descriptors) 8000
threads(per process) unlimited
processes(per user) 16384
Looking at this, it doesn't seem that any particularly problematic
values are set.
What could be the reasons for clamd returning this kind of error for all
scan requests?
Thank you in advance.