Hi malware fighters,
The free and open source anti-virus software ClamAV appears to have a serious hole, that enables an attacker to remote control a system via a heap-based buffer overflow. Users are urgently advised to upgrade to version 0.88.5. Apart from the leak in rebuildpe.c also a flaw in the CHM (Compressed HTML Help) unpacker chmunpack.c has been repaired. Through this leak an attacker could make the system crash.
The team behind ClamAV also has good news for you, because the 0.90 version can be tested by everyone. The 0.9x series has all kind of improvements in detection and speed. Alo new packers and decrypters are being sustained, RAR3 en SIS archives and a new phishing signature which looks very promising indeed.
polonus
P.S. The updated and the new version can be downloaded from ClamAV.net.