# clamd error: LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes...



## IT_Architect (Oct 23, 2016)

The email stopped on 2 servers, and this is the error when it loads on boot:

```
LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net
```
From what I gather from, it occurs when MemLimit is no longer large enough, perhaps from a virus signature updates?  I read about commands that Linux has to set it, but not FreeBSD.  I don't see it as an option in the clamd.conf or command line either.  Does anyone know how to fix this problem?

Edit:  I see the difference between the two VMs with the problem, and the third that doesn't have the problem.  The ones with the problem are running ClamAV 0.97.7, and the one that doesn't is running 0.98.4.  They are all on FreeBSD 7.2.  The two on 0.97.7 are on that because they have line-of-business apps that need the older php and cannot use newer ports.  Would it work to copy 0.98.4 from one that works to those two?


----------



## robseco (Oct 24, 2016)

I have several machines running FreeBSD 9.1R and ClamAV 0.97.6 exhibiting the exact same problem. They fell over during the weekend. These are physical machines with 4 GB ram and are not using any available swap.


----------



## SirDice (Oct 24, 2016)

IT_Architect said:


> They are all on FreeBSD 7.2.


FreeBSD 7.2 has been End-of-Life since June 2010 and is not supported any more.

https://www.freebsd.org/security/unsupported.html
Topics about unsupported FreeBSD versions


----------



## robseco (Oct 24, 2016)

Bit the bullet and upgraded all the machines to clamav-0.99.2. Seems ok for now


----------



## IT_Architect (Oct 24, 2016)

robseco said:


> Bit the bullet and upgraded all the machines to clamav-0.99.2. Seems ok for now


I plan to do the same with a package tonight.  I cannot upgrade the machines and use new ports because they have line-of-business software that is encrypted, there is no suitable replacement, and they will not work with the new PHPs.  For today, I simply edited exim.conf and shut off ClamAV.

Thanks all.


----------



## SirDice (Oct 24, 2016)

IT_Architect said:


> I cannot upgrade the machines and use new ports because they have line-of-business software that is encrypted, there is no suitable replacement, and they will not work with the new PHPs.


This sounds a lot like ionCube. It was some time ago but they didn't support anything above PHP5.2. This should be fixed and they're supporting up to PHP 7.0 now.


----------



## IT_Architect (Oct 24, 2016)

SirDice said:


> This sounds a lot like ionCube. It was some time ago but they didn't support anything above PHP5.2. This should be fixed and they're supporting up to PHP 7.0 now.


It was available with both ionCube and Zend.  I advised them to go ionCube because Zend seemed have nothing by spite for FreeBSD.  With the new PHPs, ionCube was slow to get things sorted out, but Zend, with bird-in-hand, dropped FreeBSD.  However, the problem in either case is incompatible PHP code, not the encoding, and ionCube cannot fix that.
Thanks!


----------



## PoweredByDodgeV8 (Oct 25, 2016)

Well - thanks (seriously).   I'm sitting here with a RHEL 6 server (old, I know), running 0.97.7

Until yesteday, I was fine.  Today, mail is down.  Can't receive mail - can't send mail.  5.7.1 Command Rejected error from Sendmail.  After the usual poking around, I finally tried disabling milters.  Then turned them on one at a time, and narrowed it down to the ClamAV milter.  

That's when I found your post here.  Downloaded latest greatest tarball from https://www.clamav.net/downloads, did a make uninstall on my 0.97.7 installation, then installed 0.99.1 from source (latest).  

VOILA!  I'm running again, or so I thought.  Starting clamd did work, but I got a handful of "uses PCREs but support is disabled" warnings from the daemon as it was starting, which (if I'm reading it correctly) means that clamd is running, but a couple of the filters are turned off due to compatability.  So, more Googling resulted in this board topic pertaining to RoundCube webmail engine -- https://bugs.mageia.org/show_bug.cgi?id=17919

From that, I gathered that I simply needed the PCRE development package installed.  So, I installed that via my OS default package manager, went back to my Clam 0.99.1 source folder, did a make uninstall, make clean, then a fresh ./configure, make, and make install.  Quad core AMD Bulldozer isn't very fast now-a-days; I could have made a pot of coffee while I waited for it.

Anyway - I'm cooking with gas now.  Thanks guys!


----------



## SirDice (Oct 25, 2016)

PoweredByDodgeV8 said:


> I'm sitting here with a RHEL 6 server (old, I know), running 0.97.7


Rule #7: Thread 38922


----------

