A “critical” security flaw has been found in Clam Antivirus (ClamAV) software that attackers or viruses could exploit to take control over computers running the software.
The vulnerability has to do with the way ClamAV looks at executable programs modified by a popular free file compression utility called UPX (short for the “ultimate packer for executables”). Most bots, worms and viruses going around in e-mail these days are packed with UPX or some other type of compressor to dramatically decrease their size and often to obfuscate the contents of the file and evade detection by antivirus software.
This vulnerability is fixed in the most recent version of ClamAV.
Download last version for Linux/Unix systems – version 0.88 – here.
Download last version for Windows – version 0.88 – here.