Re: [clamav-users] clamd scan problem
Hi there, On Sat, 31 Oct 2020, Tsutomu Oyamada wrote: Scanning certain files will result in a memory error in clamd version 0.101.5. In the context of virus scanning, one year old is very old indeed. On Sat, 31 Oct 2020, G.W. Haywood wrote: That is rather an old version, released over a year ago. There have been some significant changes since then. You should upgrade. See for example https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html -- On Sat, 31 Oct 2020, Tsutomu Oyamada wrote: The platform is AIX. This behavior does not occur in CVD version 25904, but does occur in CVD version 25973. On Sun, 1 Nov 2020, Tsutomu Oyamada wrote: The RAM size of my system is 4GB. The amount of free RAM is what matters. Yesterday I showed you how much free RAM there is on my dedicated clamd server. I doubt that you are using your AIX system as a dedicated clamd server, so what else is it doing and how much RAM does that leave free? I think it's not a system spec issue, it's a CVD issue. This is because an event occurred in the CVD update. It may or may not be a signature issue, but it will be a lot easier to troubleshoot if you are using the current version of ClamAV - which you should be doing anyway, so that's the first thing you need to do. As you will see if you read the release notes in the link I gave above, even version 0.102 fixed many faults to be found in older versions. The scan results which I showed you yesterday used the _same_ version of the daily database with which you claim to be having trouble: 8<-- $ grep 2597[345] /var/log/clamav/freshclam.log Fri Oct 30 15:55:54 2020 -> daily database available for update (local version: 25972, remote version: 25973) Fri Oct 30 15:56:31 2020 -> daily.cld updated (version: 25973, sigs: 4337152, f-level: 63, builder: raynman) Sat Oct 31 03:56:33 2020 -> daily.cld database is up to date (version: 25973, sigs: 4337152, f-level: 63, builder: raynman) Sun Nov 1 03:58:58 2020 -> daily database available for update (local version: 25973, remote version: 25974) Sun Nov 1 03:59:33 2020 -> daily.cld updated (version: 25974, sigs: 4337524, f-level: 63, builder: raynman) 8<-- As I said yesterday, scanning the same file here with a recent version of ClamAV, using the same database, and plenty of free RAM, does not appear to show the same issue. In case the file was somehow corrupted in transfer by email, in my post yesterday to you I gave the md5sum of the file I scanned, which is bc14659c084333c99bfcc728ef6744bd so that you can check that we are indeed scanning the same thing. I also showed you how to check that your system has sufficient free RAM. Do you have enough *free* RAM? Does your problem still appear with the *current* version of ClamAV? Are you sure that the problem appears on your AIX system but not our Linux system, using the same ClamAV version, and the same database, and with sufficient free RAM? These questions need to be answered. It's up to you to provide those answers. It _is_ possible that there is an issue with version 25973 of the daily database, these things do happen. But I haven't seen it, and if it were a problem affecting all ClamAV installations you could reasonably expect that you would by now have seen many more enquiries on this list about it. I repeat my suggestions that you (1) upgrade your version of ClamAV, from the one year old version 0.101 to the current version 0.103 (which you should have done already, even if you did *not* have memory issues like this) and then (2) if the problem persists and you are quite sure that you and I are scanning the same file and that you have sufficient free RAM, so that it can be investigated try to narrow it down to a single signature which causes problems on your system. That should be straightforward. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamd scan problem
Hi, Mark Thank you for your reply. The RAM size of my system is 4GB. I think it's not a system spec issue, it's a CVD issue. This is because an event occurred in the CVD update. Regards T.Oyamada On Sat, 31 Oct 2020 14:10:29 + Mark Fortescue via clamav-users wrote: > How much memory is available on your AIX system ? > > Recommendations vary but I think the general rule will be you need 4GBytes or > more for any server that has to do more than just run Clamd. Anything less > that 2GBytes is going to be very slow or fail. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamd scan problem
Hi there, On Sat, 31 Oct 2020, Tsutomu Oyamada wrote: Scanning certain files will result in a memory error in clamd version 0.101.5. That is rather an old version, released over a year ago. There have been some significant changes since then. You should upgrade. The platform is AIX. This behavior does not occur in CVD version 25904, but does occur in CVD version 25973. (I don't know which version came to happen.) 25904 was released on August 17th and 25973 on Oct 30th, almost 70 releases between the two. Perhaps it might help if you could narrow it down, so that just one or two signatures/changes are implicated. File: com.ibm.tws.panels_9.2.0.201402121518.jar Error: Can't Allocate Memory ERROR Can you give me some advice on how to resolve this situation? There were no problems scanning that file here, although it took a while: 8<-- $ md5sum com.ibm.tws.panels_9.2.0.201402121518.jar bc14659c084333c99bfcc728ef6744bd com.ibm.tws.panels_9.2.0.201402121518.jar $ clamdscan com.ibm.tws.panels_9.2.0.201402121518.jar com.ibm.tws.panels_9.2.0.201402121518.jar: OK --- SCAN SUMMARY --- Infected files: 0 Time: 60.804 sec (1 m 0 s) 8<-- The above scan was done using our dedicated clamd server, which is running version 0.103-rc2 (with just a couple of small patches which have no bearing on this issue). The clamd server has 4GBytes of RAM: 8<-- $ top -b -n1 | grep MiB MiB Mem : 3827.9 total,965.3 free, 1677.2 used, 1185.4 buff/cache MiB Swap: 8192.0 total, 8037.0 free,155.0 used. 1808.9 avail Mem 8<-- As Mr. Fortescue says you need plenty of RAM for clamd. Looking at the .jar file itself, it's an archive of three-quarters of a megabyte, contains 235 files, and supports at least three different architectures. It seems to me there may be some room for improvement in efficiency there. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamd scan problem
Hi Tsutomu, How much memory is available on your AIX system ? Recommendations vary but I think the general rule will be you need 4GBytes or more for any server that has to do more than just run Clamd. Anything less that 2GBytes is going to be very slow or fail. Regards Mark. On 31/10/2020 13:26, Tsutomu Oyamada wrote: Hi, all. Scanning certain files will result in a memory error in clamd version 0.101.5. The platform is AIX. This behavior does not occur in CVD version 25904, but does occur in CVD version 25973. (I don't know which version came to happen.) I think the CVD signature is affected. The reason is that the CVD version is new and occurred. File: com.ibm.tws.panels_9.2.0.201402121518.jar Error: Can't Allocate Memory ERROR Can you give me some advice on how to resolve this situation? ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
