I'll notify the signatures folk about this issue. Is it possible to upgrade your ClamAV? The maximum mpool size was increased in 0.98 to 134217728. The current ClamAV version is 0.99.2

Thanks, Steven.  I upgraded to 0.99.2 as you suggested, and all is now well.

Sorry to have troubled you.  In the past, I upgraded when I got the "engine out of date" message, and when I didn't get the message and only daily.cvd had changed, I assumed that the new database file had tripped a bug in clamscan.

Thanks again.

Gordon

I have a problem in my production server mail 
LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net
version:  clamscan -V
ClamAV 0.97.8/22404/Fri Oct 21 11:56:08 2016
if update to the last version I figure out the problem? 
but I won't have a problem with the others services spamassassin, amavis or postfix 
Please I need help!!!!!!

(In reply to Maria from comment #3)
> I have a problem in my production server mail 
> LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please
> report to http://bugs.clamav.net
> version:  clamscan -V
> ClamAV 0.97.8/22404/Fri Oct 21 11:56:08 2016
> if update to the last version I figure out the problem? 
> but I won't have a problem with the others services spamassassin, amavis or
> postfix 
> Please I need help!!!!!!

Yes, you should upgrade ClamAV. ClamAV 0.97.x is no longer supported. The current release of ClamAV is 0.99.2. I've not heard of any problems with ClamAV 0.99.2 and spamassassin/amivis/postfix, however, you may want to check their system requirements and/or ask on one of the mailing lists about possible issues.

I have problems with my clamav in my production server. When I try to start clamav-daemon, it returns the message:  

LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net

I updated to last version, but the problem persists.

clamscan -V
ClamAV 0.99.2/22421/Mon Oct 24 07:58:38 2016

Please I need to solve it.

Thanks.

How i can to recsolve this problem, i need to remove this line
mpool_malloc():
Thanks for your help

 It's the own memory manager which allocates chunks up to 8388608 bytes.
 (static const unsigned int fragsz[] in mpool.c)
 Hex edited the last element "8388608" (0x800000) to "16777216" (0x1000000)
 in libclamav.so.6.1.12 on a debian lenny and works like a charm.
 Memory consumption could increase, but i don't care.

Hi all.

I had the same problem my version of clamav was .0.97.3 the OS is Centos 5.8 kernel 2.6.18-308.el5 with postfix with mailscanner spamasassin. The error was messagen ibClamAV Error: mpool_malloc (): Attempt to allocate 8388608 bytes. Please
> Report to http://bugs.clamav.net

Ran the command as root #yum udpate clamav, and solved my problem, but there was update 12 packages was afraid of email services stop over until the moment is operating normally.

Hi all,

Same problem (even after upgrading ClamAV version):

ClamAV 0.99.2/22423/Mon Oct 24 15:59:58 2016

We still get the message at clamd.log: 

LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net

Any idea?
Thanks
J.

(In reply to Jose from comment #5)
> I have problems with my clamav in my production server. When I try to start
> clamav-daemon, it returns the message:  
> 
> LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please
> report to http://bugs.clamav.net
> 
> I updated to last version, but the problem persists.
> 
> clamscan -V
> ClamAV 0.99.2/22421/Mon Oct 24 07:58:38 2016
> 
> Please I need to solve it.
> 
> Thanks.

Finally, I resolved it. 

In first place I upgraded clamav package but it didn't work, then I Upgraded all system and there were 3 upgrades avalaibles: clamav-base:amd64 (0.97.8+dfsg-1, 0.99.2+dfsg-0+deb7u2), clamav-freshclam:amd64 (0.97.8+dfsg-1, 0.99.2+dfsg-0+deb7u2), clamav-daemon:amd64 (0.97.8+dfsg-1, 0.99.2+dfsg-0+deb7u2). 

Now it's working.

Folks, (In reply to jmoreno from comment #9)
> Hi all,
> 
> Same problem (even after upgrading ClamAV version):
> 
> ClamAV 0.99.2/22423/Mon Oct 24 15:59:58 2016
> 
> We still get the message at clamd.log: 
> 
> LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please
> report to http://bugs.clamav.net
> 
> Any idea?
> Thanks
> J.

Please refer to comment 10. If you are getting ClamAV from a package maintainer,
please ensure to upgrade all of the ClamAV packages.

Created attachment 7184 [details]
Libclamav mpool_malloc() error

Please help to fix the problem, can not break after boot

thomas

Folks,

If you are having this problem, you will need to upgrade your ClamAV release. The mpool size limits were increased in 0.98. ClamAV 0.99.2 is the current release. ClamAV 0.97.x is no longer supported per http://blog.clamav.net/2016/05/clamav-097-engine-end-of-life.html. If you are using a package maintainers ClamAV(e.g., Debian, RedHat), please be sure to upgrade all of the maintainers ClamAV packages (e.g., clamav, clamd, freshclam). Please verify using the commands 'clamscan --version', 'clamd --version', and 'freshclam --version'. If you have upgraded all of the ClamAV packages and still have this problem, please reopen this bug and include the output of the above commands.

Hi all,

As many of you suggested, I also tried to upgrade the ClamAV Packages. This is the result:
    root@Correu1:~# clamscan --version
    ClamAV 0.99.2/22423/Mon Oct 24 15:59:58 2016
    root@Correu1:~# clamd --version
    ClamAV 0.99.2/22423/Mon Oct 24 15:59:58 2016
    root@Correu1:~# freshclam --version
    ClamAV 0.99.2/22423/Mon Oct 24 15:59:58 2016

I also can see how clamd command takes all the CPU writing in the log file
    22521 zimbra    20   0  141m 101m 2984 R   94  1.3  12:19.17 clamd

We still get the same error at the log LibClamAV Error: mpool_malloc()...

Any idea?
Thanks!

(In reply to Atys from comment #7)
>  It's the own memory manager which allocates chunks up to 8388608 bytes.
>  (static const unsigned int fragsz[] in mpool.c)
>  Hex edited the last element "8388608" (0x800000) to "16777216" (0x1000000)
>  in libclamav.so.6.1.12 on a debian lenny and works like a charm.
>  Memory consumption could increase, but i don't care.

I have clamav 0.97, where is in the system the libclamav.so.6.1.12. if you checked it,
I do not want to change clamav because I have an old version of Fedora (13)

Started seeing this happen this morning on Windows machines running Immunet 3. 

Logs grow very fast, filling the entire hard drive within a few hours. 

After manually freeing some space, I was able to upgrade to Immunet 5 and that resolved the problem. Now

My zimbra also have the same issue, the clamd service not running and the clamd.log file growing huge until my disk always full. After i googling i found think solution

https://wiki.zimbra.com/wiki/ClamAV_-_Updating_clamd_for_releases_earlier_than_ZCS_8.0.6

And update the clamd version, the server work normal.

hi all,

The problem is real the clamav, please post their OS version. Verify If real remove the version of clamav 0.97 and install the new version. I need more details of services like: OS, services and like install o clamav.
But right than is the Clamav the problema.

Clamav is finally working with the new version.

Problem was I didn't upgrade it in the right way since it is used by a Zimbra mail server. Server and clamav are fine now.

Thank you all!!

(In reply to jmoreno from comment #19)
> Clamav is finally working with the new version.
> 
> Problem was I didn't upgrade it in the right way since it is used by a
> Zimbra mail server. Server and clamav are fine now.
> 
> Thank you all!!

Thanks for the update.

I've got the same problem with old clamav and ubuntu 11.04 lts.
I've deinstalled the ubuntu package and ownload clamav 0.99.2 from your homepage and build it by myself.
But the problem still exists.
Please help!

(In reply to postmaster from comment #21)
> I've got the same problem with old clamav and ubuntu 11.04 lts.
> I've deinstalled the ubuntu package and ownload clamav 0.99.2 from your
> homepage and build it by myself.
> But the problem still exists.
> Please help!

As the problem is in the libclamav shared object i would check if you have updated it too (or the package manager deleted the old one from the original location). (libcalamav.so.x.y.z)

(In reply to Atys from comment #22)
> (In reply to postmaster from comment #21)
> > I've got the same problem with old clamav and ubuntu 11.04 lts.
> > I've deinstalled the ubuntu package and ownload clamav 0.99.2 from your
> > homepage and build it by myself.
> > But the problem still exists.
> > Please help!
> 
> As the problem is in the libclamav shared object i would check if you have
> updated it too (or the package manager deleted the old one from the original
> location). (libcalamav.so.x.y.z)

Ha! Thats it. The packet manager did not remove the old executable and the old libs. 
I remove the old libs and executeable and changed the executable path in init.d, and now it works again.
Thanks a lot.

(In reply to postmaster from comment #23)
> (In reply to Atys from comment #22)
> > (In reply to postmaster from comment #21)
> > > I've got the same problem with old clamav and ubuntu 11.04 lts.
> > > I've deinstalled the ubuntu package and ownload clamav 0.99.2 from your
> > > homepage and build it by myself.
> > > But the problem still exists.
> > > Please help!
> > 
> > As the problem is in the libclamav shared object i would check if you have
> > updated it too (or the package manager deleted the old one from the original
> > location). (libcalamav.so.x.y.z)
> 
> Ha! Thats it. The packet manager did not remove the old executable and the
> old libs. 
> I remove the old libs and executeable and changed the executable path in
> init.d, and now it works again.
> Thanks a lot.

You are welcome. And remember, if you compile/install something by hand it will land in different locations as the package manager would install into. Unless you tell "configure" the destination.

I am getting the same error message

LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes.

I am running Snow leopard Server 10.6.8, how do i update ClamAV to the latest version. At present my email server is not working because of this. System reboots by itself every 5-10 minutes. Is there a step by step instruction on how to update to 0.99 from 0.97 ClamAV for snow leopard server. Need Help asap. Thanks

(In reply to Atys from comment #7)
>  It's the own memory manager which allocates chunks up to 8388608 bytes.
>  (static const unsigned int fragsz[] in mpool.c)
>  Hex edited the last element "8388608" (0x800000) to "16777216" (0x1000000)
>  in libclamav.so.6.1.12 on a debian lenny and works like a charm.
>  Memory consumption could increase, but i don't care.

What tool did you use to hexedit, or at least to locate the correct bytes to edit?

I'm also running debian lenny and encountering the same issue.

Thanks,
Kevin

(In reply to Kevin C. from comment #26)
> (In reply to Atys from comment #7)
> >  It's the own memory manager which allocates chunks up to 8388608 bytes.
> >  (static const unsigned int fragsz[] in mpool.c)
> >  Hex edited the last element "8388608" (0x800000) to "16777216" (0x1000000)
> >  in libclamav.so.6.1.12 on a debian lenny and works like a charm.
> >  Memory consumption could increase, but i don't care.
> 
> What tool did you use to hexedit, or at least to locate the correct bytes to
> edit?
> 
> I'm also running debian lenny and encountering the same issue.
> 
> Thanks,
> Kevin

Hi Kevin,

I have the x64 version, 
in the sourcecode you can find 2 arrays, one for the x86 one for the x64.
the bottom 3 item of both are (afair):
00 00 20 00 | 00 00 40 00 | 00 00 80 00
This is the pattern.

00 00 80 00 is 0x800000 = 8388608
This is the maximum mem chunk which can be allocated.
I altered it [00 00 80 00] => [00 00 00 01] = 0x1000000 = 16777216, twice the size.
It works for now but who knows how long.
Make a backup of the .so and keep an eye on it for a while.
And of course: no warranty.

I'm sure you will find a hexeditor anywhere..

(In reply to Atys from comment #27)
> (In reply to Kevin C. from comment #26)
> > (In reply to Atys from comment #7)
> > >  It's the own memory manager which allocates chunks up to 8388608 bytes.
> > >  (static const unsigned int fragsz[] in mpool.c)
> > >  Hex edited the last element "8388608" (0x800000) to "16777216" (0x1000000)
> > >  in libclamav.so.6.1.12 on a debian lenny and works like a charm.
> > >  Memory consumption could increase, but i don't care.
> > 
> > What tool did you use to hexedit, or at least to locate the correct bytes to
> > edit?
> > 
> > I'm also running debian lenny and encountering the same issue.
> > 
> > Thanks,
> > Kevin
> 

You could also try to download the old sources, alter the array, (compare with the new sources, it has 3-4 more elements) compile, and just update the libclamav.so
I did not have the time and as long it works i won't play around.

> 00 00 20 00 | 00 00 40 00 | 00 00 80 00
> This is the pattern.

Aha, that is the part I was missing. Without knowing the bytes before, there were too many occurrences of 00 00 80 00 to narrow it down.

> It works for now but who knows how long.
> Make a backup of the .so and keep an eye on it for a while.
> And of course: no warranty.

It is working for me now as well. 

> I'm sure you will find a hexeditor anywhere..

The easiest way to get one seemed to be: 
aptitude install hexedit

For Mac OS X Lion (10.7) Server there is a manual upgrade approach written down at http://apple.stackexchange.com/questions/258609/how-to-fix-the-os-x-server-libclamav-error-mpool-malloc-attempt-to-allocate#258986 on how to fix the built-in (Apple's) ClamAV version 0.97 to release 0.99.2.

(In reply to AJ from comment #25)
> I am getting the same error message
> 
> LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes.
> 
> I am running Snow leopard Server 10.6.8, how do i update ClamAV to the
> latest version. At present my email server is not working because of this.
> System reboots by itself every 5-10 minutes. Is there a step by step
> instruction on how to update to 0.99 from 0.97 ClamAV for snow leopard
> server. Need Help asap. Thanks

Go to Server Admin > Mail > Settings > Filters
and uncheck "Enable virus filtering"

We have exactly the same server 10.6.8. and doing this brought us back to normal.

If you find a solution by keeping the virus filtering please report it here! Thank you!

*** Bug 11679 has been marked as a duplicate of this bug. ***

(In reply to mitkot from comment #31)
> (In reply to AJ from comment #25)
> > I am getting the same error message
> > 
> > LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes.
> > 
> > I am running Snow leopard Server 10.6.8, how do i update ClamAV to the
> > latest version. At present my email server is not working because of this.
> > System reboots by itself every 5-10 minutes. Is there a step by step
> > instruction on how to update to 0.99 from 0.97 ClamAV for snow leopard
> > server. Need Help asap. Thanks
> 
> Go to Server Admin > Mail > Settings > Filters
> and uncheck "Enable virus filtering"
> 
> We have exactly the same server 10.6.8. and doing this brought us back to
> normal.
> 
> If you find a solution by keeping the virus filtering please report it here!
> Thank you!

Yes, there is a fantastic tutorial (among MANY others) at the TopicDesk website:

https://topicdesk.com/downloads/tutorials/updating-clamav-on-os-x-server-g-1056/

Regarding the bug itself, is it possible to review what in the updates is causing this condition (and correct it)? I know there are many 10.6 (and 10.7/10.8 apparently) servers out there that don't even have the mail service running and are seizing up and crashing due to clamd and freshclam being launched at startup regardless of mail service status. I would imagine quite a few of these installations either don't know what's going on, or don't have someone there savvy enough to compile a new version if they need the filtering...

*** Bug 11679 has been marked as a duplicate of this bug. ***

identical with Mageia:
WARNING: [LibClamAV] mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net

freshclam use 100% of the processor. Add havp and you are a happy sysadmin...
Move to a newer version I would like but no packages are available :(

Is there an option that can be added in the configuration files to work around the problem?

Thank you

*** Bug 11683 has been marked as a duplicate of this bug. ***

Today I had a problem because of clamav:
Production VDS was overloaded by cpu and memory by clamd-freshclam and clamd.
LA was higher than one and I started investigation.
I realised that disk is almost full and it happened because of clamav logs:

# cd /var/log/clamav
# du -ms ./* |sort -rn |head -4
4097	./freshclam.log-20170601_130947
4097	./freshclam.log-20170601_125420
3334	./freshclam.log
3	./freshclam.log.6.gz
# head -4 freshclam.log-20170601_130947
Thu Jun  1 12:54:20 2017 -> WARNING: [LibClamAV] mpool_malloc(): Can't allocate memory (16781312 bytes).
Thu Jun  1 12:54:20 2017 -> WARNING: [LibClamAV] mpool_malloc(): Can't allocate memory (16781312 bytes).
Thu Jun  1 12:54:20 2017 -> WARNING: [LibClamAV] mpool_malloc(): Can't allocate memory (16781312 bytes).
Thu Jun  1 12:54:20 2017 -> WARNING: [LibClamAV] mpool_malloc(): Can't allocate memory (16781312 bytes).
# clamd --version
ClamAV 0.99.2/23434/Wed May 31 16:55:45 2017

It's a bad idea to fill logs with such output no matter what problem is. please fix this.

(In reply to Drey Tee from comment #37)
> Today I had a problem because of clamav:
> Production VDS was overloaded by cpu and memory by clamd-freshclam and clamd.
> LA was higher than one and I started investigation.
> I realised that disk is almost full and it happened because of clamav logs:
> 
> # cd /var/log/clamav
> # du -ms ./* |sort -rn |head -4
> 4097	./freshclam.log-20170601_130947
> 4097	./freshclam.log-20170601_125420
> 3334	./freshclam.log
> 3	./freshclam.log.6.gz
> # head -4 freshclam.log-20170601_130947
> Thu Jun  1 12:54:20 2017 -> WARNING: [LibClamAV] mpool_malloc(): Can't
> allocate memory (16781312 bytes).
> Thu Jun  1 12:54:20 2017 -> WARNING: [LibClamAV] mpool_malloc(): Can't
> allocate memory (16781312 bytes).
> Thu Jun  1 12:54:20 2017 -> WARNING: [LibClamAV] mpool_malloc(): Can't
> allocate memory (16781312 bytes).
> Thu Jun  1 12:54:20 2017 -> WARNING: [LibClamAV] mpool_malloc(): Can't
> allocate memory (16781312 bytes).
> # clamd --version
> ClamAV 0.99.2/23434/Wed May 31 16:55:45 2017
> 
> It's a bad idea to fill logs with such output no matter what problem is.
> please fix this.

Drey, thanks for your report. This is a different issue than the earlier problem described in this ticket. Can you open a new bug? Please also post in the new ticket the output of 'freshclam -v --debug' to help identify the issue.

Same error here, from centos:

[root@ns2020 ~]# clamscan --version
ClamAV 0.102.3/25823/Mon May 25 14:23:53 2020
[root@ns2020 ~]# clamd --version
ClamAV 0.102.3/25823/Mon May 25 14:23:53 2020
[root@ns2020 ~]# freshclam --version
ClamAV 0.102.3/25823/Mon May 25 14:23:53 2020