Hi malware fighters,
As a lot of our users use ClamAV as a non-resident extra open source AV-solution next to their avast resident AV-solution, caution should be taken scanning certain files. A vulnerability is caused due to a boundary error within the “cli_scanpe()” function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted “Upack” executable.
Users of ClamAV are advised NOT to scan PE files for the moment, because of a hole that attackers can exploit. This until a patch can be applied, see:
http://secunia.com/advisories/29000/
polonus