ClamAV: mpool_malloc and disk space


ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. The most common use we see is to check emails for bad content.

Some of our users have recently been seeing errors from “freshclam” processes that look like the below entry. These will occur quickly and will often cause log files to grow very fast, to the point your server may have run out of disk space.

Tue Nov  1 00:17:18 2016 -> WARNING: [LibClamAV] mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net

That is a known issue, per https://bugzilla.clamav.net/show_bug.cgi?id=11647

In essence, ClamAV sets a static size limit for its AV database. That was increased a longish time ago, but only recently has the actual database size increased beyond the old limit. Users with a version that has the lower limit are affected by the above error. You will usually see this when the ClamAV tries to (automatically) update its database to the latest version.

To resolve this distros have patched packages for all supported releases. You can apply those using your distribution supplied package manager (yum or apt-get).

If you are on an older install such as Debian squeeze, you will need to disable ClamAV until you are able to update the install to a newer release.

If you need to monitor disk space usage we have a handy guide.

If you need help checking for this or implementing anything mentioned in this article, please open a support ticket with us.