LibClamAV Error for ClamAV 1.0.4 for EL9 #1107

Closed
brandonrace opened this issue Dec 4, 2023 · 12 comments

@brandonrace

Describe the bug

When we try and run a clamscan with ClamAV 1.0.4 for Enterprise Linux 9, we are running into the below errors. This works fine for us when using ClamAV 1.0.3 for Enterprise Linux 8.

LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Can't allocate memory
LibClamAV Error: cli_loaddbdir: error loading database /var/lib/clamav/daily.cvd
ERROR: Can't allocate memory

How to reproduce the problem

mkdir -p /tmp/test_virus
echo 'X5O!P%@ap[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > /tmp/test_virus/virus
sudo clamscan /tmp/test_virus

@brandonrace
Author

[Images: EL8, EL9]

@micahsnyder
Contributor

@brandonrace how much RAM does your machine have?

@brandonrace
Author

Nearly 7GB is free. I agree that "can't allocate memory" sounds like it would be a RAM issue, but I don't think that's the case. We are using the same m5.large instance in AWS for both RHEL-8 and RHEL-9. For the EL8 version of ClamAV, we don't have any issues; with the EL9 version, we get the error I sent.

@micahsnyder
Contributor

Yeah, it doesn't sound like a RAM issue. I wonder if the daily.cvd file got corrupted somehow. Can you try deleting it and then running freshclam to download a new copy?

@brandonrace
Author

[Image: Bytecode]
I just ran another test and this time instead of loading the daily.cvd file it can't load the bytecode.cvd file, so it doesn't seem like an issue with one particular file. Have you been able to reproduce this error?

@brandonrace
Author

I also get the can't allocate memory error when running freshclam.

@brandonrace
Author

I also noticed that when the clamscan command is run, the line that says Loading gets to 2.03M/8.70M before crashing and giving the can't allocate memory error.

@micahsnyder
Contributor

I was unable to reproduce the error.

I don't have access to RHEL9. I just tested with a docker container using rockylinux:9.
How did you install ClamAV? I used these instructions:
https://docs.clamav.net/manual/Installing/Packages.html#epel-fedora-rhel-and-centos

@brandonrace
Author

We are installing it from this repository: https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
But yes, we are doing the same "dnf install -y clamav clamd clamav-update"

@brandonrace
Author

I also wanted to add that our /var/log/clamd.log file is spammed with the same "Can't allocate memory error". Is there anywhere else I'd be able to find a more helpful output?

[Image: clamd]

@brandonrace
Author

After more testing, it appears that the issue we are running into is the same one that is discussed in #564.
When we disable FIPS the scan runs as expected, but with FIPS enabled we get the errors detailed in the messages above. I see that there was already a lengthier discussion in #564. Is there any update on when this would get fixed in the clamav package?

@micahsnyder
Contributor

I'm glad to hear you solved it. I'll go ahead and close this then.

Sorry, no update on when we can support FIPS. To do it, we need to modernize how we sign the clamav CVD database archives and CDIFF database archive patch files. We have started planning it, but my teammate who is expected to work on it is still working on a clamav-adjacent internal project and I'm unsure when he will be able to switch to work on this.
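
Added example (not part of the thread and not ClamAV project code): a shell triage sketch for the symptom discussed above. It correlates the kernel FIPS flag with the databases named in "Can't allocate memory" log lines. The path `/proc/sys/crypto/fips_enabled` is the standard Linux location and does not appear in the thread; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: triage for libclamav "Can't allocate memory" database errors.
# Function names and verdict strings are made up for this sketch.

# Print enabled/disabled/unknown from the kernel FIPS flag file.
# The default path is the standard Linux location (not taken from the thread).
fips_state() {
    flag="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$flag")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# List each distinct database path named in a
# "Can't load <db>: Can't allocate memory" line of the given log.
failing_dbs() {
    sed -n "s/.*LibClamAV Error: Can't load \(.*\): Can't allocate memory.*/\1/p" "$1" | sort -u
}

# triage FLAG_FILE LOG_FILE -> prints one verdict word
triage() {
    state=$(fips_state "$1")
    count=$(failing_dbs "$2" | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo no-db-load-errors
    elif [ "$state" = enabled ]; then
        # Thread outcome: the scan ran as expected once FIPS was disabled.
        echo fips-suspected
    elif [ "$count" -gt 1 ]; then
        # Several databases failing argues against one corrupted file.
        echo not-single-file
    else
        # Maintainer's first step: delete the file and re-run freshclam.
        echo refresh-database
    fi
}

# Usage: triage /proc/sys/crypto/fips_enabled /var/log/clamd.log
```
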
