AIX Open Source

 View Only

 Clamd ERROR,"Can't allocate memory ERROR"

直也 酒井's profile image
直也 酒井 posted Mon June 30, 2025 01:50 AM

Hello everyone,
I would like to consult with you regarding an error that I have encountered while scanning with ClamAV 1.0.7 on AIX 7.3, particularly with clamd, which is not something I have encountered often.

On multiple AIX servers that I support for management, an occurrence happened where, at almost the same timing when files were scanned by clamd, all the scans recorded a "Can't allocate memory ERROR" and failed as follows;
Fri Jun 27 18:24:10 2025 -> /opt/app/bin: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/bin/a.out: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/bin/check.sh: Can't allocate memory
ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/bin/data01: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/bin/upd.sh: Can't allocate memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/contrib/.subsystem: Can't allocate
memory ERROR
Fri Jun 27 18:24:10 2025 -> /opt/app/contrib/user.conf: Can't allocate
memory ERROR

I remember that in former versions of ClamAV, similar errors occurred with certain file formats.
Also, I have encountered situations where clamd failed to start in a memory-constrained environment or shut down during scanning several times.

However, in this environment, the server has 32GB of memory, and about 10GB of free memory is secured according to svmon.
The scan targets include simple text files of just a few KB as well as program files of several MB, but they do not include archives or large files.
The same "Can't allocate memory ERROR" has occurred for all files that were scanned, without exception.

I am not well-versed in the internal structure of clamd, but I understand that clamd operates in a multi-threaded manner during object scanning (it launches new threads and assigns them to scanning), so I checked the ulimit settings for AIX threads and processes, as well as memory.

 ulimit -a
 time(seconds)        unlimited
 file(blocks)         unlimited
 data(kbytes)         unlimited
 stack(kbytes)        4194304
 memory(kbytes)       unlimited
 coredump(blocks)     2097151
 nofiles(descriptors) 8000
 threads(per process) unlimited
 processes(per user)  16384

Looking at this, it doesn't seem that any particularly problematic values are set.
What could be the reasons for clamd returning this kind of error for all scan requests?

Thank you in advance.

Aditya Kamath's profile image
Aditya Kamath posted Mon June 30, 2025 03:41 AM

Hi,

Someone else also faced a similar issue here.

But that may not be the root cause for your issue. 

Former versions of ClamAV faced issues when bin format files were existing, which we have fixed. 

Also paste me the rpm -qa | grep clamavoutput. 

Also, what is the size of /opt/app/bin? Before we go into other details, can you share the answer to these two?

直也 酒井's profile image
直也 酒井 posted Mon June 30, 2025 04:59 AM

Thank you for your reply.

The link you provided was what my colleague inquired about here previously.
I remember this case.

The |rpm -qa | grep clamav|output is as follows;

# rpm -qa | grep clamav
clamav-1.0.7-2.ppc


The size of /opt/app/bin is as follows;

# du -m /opt/app/bin
1.71    /opt/app/bin 

Aditya Kamath's profile image
Aditya Kamath posted Mon June 30, 2025 05:07 AM

Can you try updating to 1.0.7-3 and check?? We did fix one issue in ClamAV. 

直也 酒井's profile image
直也 酒井 posted Mon June 30, 2025 07:40 PM

Thank you for your reply.
I updated ClamAV to clamav-1.0.7-3, but there was no change in the situation;

Mon Jun 30 19:23:59 2025 -> /opt/app/bin/data01: Can't allocate memory ERROR
Mon Jun 30 19:23:59 2025 -> /opt/app/bin/upd.sh: Can't allocate memory ERROR
Mon Jun 30 19:23:59 2025 -> /opt/app/contrib/.subsystem: Can't allocate memory ERROR
Mon Jun 30 19:23:59 2025 -> /opt/app/contrib/user.conf: Can't allocate memory ERROR

Aditya Kamath's profile image
Aditya Kamath posted Tue July 01, 2025 01:23 AM

Hmm, so we need to identify the root cause since we are not able to reproduce the issue in our tests.

To support, we need more information.

The ulimit -d is set so that is ruled out.

1: Have you set any MaxDataSize, MaxFileSize, or MaxRecursion in clamd.conf? If yes, how much is that?

2: Can you run the scan let's say clamscan /opt/app/bin/data01

and then simultaneously paste the outputs of lsps -a and vmstat 1 10?

3: Also, vmstat -v will be useful.

We want to see if memory issues indeed exist. If while running clamd you see something like 95%+ use in lsps -a, then it might be the root cause.

Let me know before we can go into other things.

Related Content