Mailing List Archive

Hi Jay,

Essentially, the cli_malloc()? function is a wrapper around the standard malloc()? memory allocation function. This wrapper has a limit on how much it's willing to allocate. The purpose is to limit memory allocations when the size of the allocation required is based on untrusted file input. So, like if the file has a field saying "the next bit is absurdly large" this function safeguards against allocating all the RAM on the system. When that happens, this error message is spit out.

This error message isn't a great one. We have made some improvements to it in newer ClamAV versions to better explain the cause of the message and also to increase the limit some. I think there are more improvements that could be made though.

Anyways, ... since you're scanning with the scan limits set really high, you're using a slightly older version of clamav, and you're scanning your whole system and don't have specific file to pinpoint as the cause of the issue - don't worry about it.

Cheers,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of jay-1--- via clamav-users <clamav-users@lists.clamav.net>
Sent: Monday, December 11, 2023 11:17 PM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: jay-1@jay-e.net <jay1@jay-e.net>; jay-1@jay-e.net <jay-1@jay-e.net>
Subject: [clamav-users] How to respond to request?

I was running clamav on Linux (Ubuntu) /home and a run-tme message appeared on the shellk script;
LibClamAV Error: cli_malloc(): Attempt to allocate 294892266 bytes. Please report to https://github.com/Cisco-Talos/clamav/issues
LibClamAV Warning: Couldn't grow the blob: we may be low on memory


So, thought the best way to respond is tp poost tis question in the mailing list.

Question: Any other action needed/desired?

Thanks in advance!
Jay

notes:
a gkrellm resource monitor showed I was using lass than 25% of memory

hardware and software notes (collected by a BOINC log):
<pre>
Mon 11 Dec 2023 08:39:13 PM EST | | Processor: 4 GenuineIntel Intel(R) Core(TM) i7-8665U CPU @ 1.90GHz [Family 6 Model 142 Stepping 12]
Mon 11 Dec 2023 08:39:13 PM EST | | Processor features: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust sgx bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
Mon 11 Dec 2023 08:39:13 PM EST | | OS: Linux Ubuntu: Ubuntu 23.04 [6.2.0-39-generic|libc 2.37]
Mon 11 Dec 2023 08:39:13 PM EST | | Memory: 30.99 GB physical, 9.77 GB virtual
Mon 11 Dec 2023 08:39:13 PM EST | | Disk: 119.60 GB total, 100.95 GB free
Mon 11 Dec 2023 08:39:13 PM EST | | Local time is UTC -5 hours
</pre>


The clamscan command was
clamscan -r -z -o --max-filesize=4000M --bytecode-timeout=600000 --max-scansize=4000M --bell --detect-structured=no --alert-encrypted=yes --detect-pua=yes /home


other:
<pre>
filesystem 1K-blocks Used Available Use% Mounted on

/dev/nvme0n1p5 125404540 13137020 105851136 12% /

/dev/nvme0n1p6 151085680 36466792 106871356 26% /home
</pre>