ClamAV Security Flaw Discovered
Security issue found in the webs most popular free AV package
Apr 27, 2008
ClamAV - found on a large number of firewall appliances and e-mail servers has been found to contain a buffer overflow issue. Updates are available and should be downloaded, however the issue is not as yet thought to be 'in the wild', but could in theory be triggered by a malformed email (spam).
Our advice is to update ClamAV from your firewall console and not to run it direct on your mail server. The benefits of using an Open Source AV package can sometimes be out weighed by the fact that as well as the good guys having access to the code - so do the bad guys.
For 'closed source' e-mail server protection, check out NOD32 on our site.