Hello,
I have clamav 0.103.5 installed on debian 11 and I'm getting too often
errors when reloading database.
looking back this problem started appearing on:
Mon May 10 11:51:15 2021 -> Database correctly reloaded (12721518 signatures)
Mon May 10 12:48:11 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 12:48:13 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 13:22:53 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 13:22:55 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 13:55:26 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 13:55:28 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 14:54:47 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 14:54:49 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 15:52:53 2021 -> SelfCheck: Database modification detected. Forcing reload.
Mon May 10 15:53:56 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 15:53:58 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 17:47:55 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 17:47:57 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 20:47:48 2021 -> Database correctly reloaded (12708784 signatures)
Yesterday I checked all databases using:
clamscan -d "$file" /var/lib/clamav-unofficial-sigs/configs/scan-test.txt
... no error was produced.
this machine has 4G of RAM and some swap, clamd currently eats ~1.5 GB of RAM:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2169 clamav 20 0 1705796 1.5g 6380 S 0.0 39.5 0:33.83 clamd
I use multiple third-party signatures
- last added securiteinfo on 2020/05/04, no huge difference in sigcount
- clamav was upgraded from 0.102.4 to 0.103.2 on 2021-04-24
and this was last change before this happened:
-rw-r----- 1 root clamav 1395 May 4 2020 /etc/clamav-unofficial-sigs.conf
-rw-r--r-- 1 root root 1873 Feb 8 2020 /etc/clamav/clamd.conf
-r--r--r-- 1 clamav adm 715 Apr 24 2021 /etc/clamav/freshclam.conf
I wonder if this problem may be caused by i386 architecture with 3GB limit
per process:
Does clamd reload signature database in the same process?
(many servers use fork themselves and load config to a new process, would
avoid this error)
is the "Malformed database" just incorrect error code for this case?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
I have clamav 0.103.5 installed on debian 11 and I'm getting too often
errors when reloading database.
looking back this problem started appearing on:
Mon May 10 11:51:15 2021 -> Database correctly reloaded (12721518 signatures)
Mon May 10 12:48:11 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 12:48:13 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 13:22:53 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 13:22:55 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 13:55:26 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 13:55:28 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 14:54:47 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 14:54:49 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 15:52:53 2021 -> SelfCheck: Database modification detected. Forcing reload.
Mon May 10 15:53:56 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 15:53:58 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 17:47:55 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 17:47:57 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 20:47:48 2021 -> Database correctly reloaded (12708784 signatures)
Yesterday I checked all databases using:
clamscan -d "$file" /var/lib/clamav-unofficial-sigs/configs/scan-test.txt
... no error was produced.
this machine has 4G of RAM and some swap, clamd currently eats ~1.5 GB of RAM:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2169 clamav 20 0 1705796 1.5g 6380 S 0.0 39.5 0:33.83 clamd
I use multiple third-party signatures
- last added securiteinfo on 2020/05/04, no huge difference in sigcount
- clamav was upgraded from 0.102.4 to 0.103.2 on 2021-04-24
and this was last change before this happened:
-rw-r----- 1 root clamav 1395 May 4 2020 /etc/clamav-unofficial-sigs.conf
-rw-r--r-- 1 root root 1873 Feb 8 2020 /etc/clamav/clamd.conf
-r--r--r-- 1 clamav adm 715 Apr 24 2021 /etc/clamav/freshclam.conf
I wonder if this problem may be caused by i386 architecture with 3GB limit
per process:
Does clamd reload signature database in the same process?
(many servers use fork themselves and load config to a new process, would
avoid this error)
is the "Malformed database" just incorrect error code for this case?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml