There is a security vulnerability in ClamAV .091.2 [the underlying program for ClamWin {the underlying program for ClamWinPortable}].
It is discussed here:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634
As a workaround while we await ClamWin .092 [and then ClamWinP .092] the following is suggested,
"V. WORKAROUND
Disabling the scanning of PE files will prevent exploitation. If using clamscan, this can be done by running clamscan with the '--no-pe' option. If using clamdscan, set the 'ScanPE' option in the clamd.conf file to 'no'. "
The question is: how do you, or can you, disable scanning of "PE files" in ClamWin [and therefore ClamWinPortable]?
I could find no information at the ClamWin site. Heck, maybe it doesn't even affect the Windows version.
Ideas?
Tim
{edit} Well, it seems that "PE"s can be included in .exe, .dll, .ocx, .sys, .scr, so that excluding them from scanning defeats the purpose of scanning. So I guess I won't be using CWP for a while. Bummer.
Keep in mind that this is theoretical at the moment. No one has even written a proof of concept on Windows. The bigger concern is folks that use ClamAV on *nix boxes to automatically scan incoming email (which is a good percentage of ISPs in the world), which is why it was announced in a coordinated way with the new release. The exploit may not even work within ClamWin at all. And, even if it did, it's unlikely that someone would take the time to create an exploit for it since its install base is negligible.
Side note... don't you use IE despite the fact that it's vulnerable to several similar exploits?
Sometimes, the impossible can become possible, if you're awesome!
I mentioned in the OP that I was not sure it even affected CW.
I almost never use IE unless I absolutely must. You turned me on to FF back in the beginning when U3 wasn't considered the Spawn of Satan and I've never turned back.
Good point about the "install base", hadn't occurred to me.
Thanks again for the reply,
Good Holidays to You,
and everybody else
Tim
Things have got to get better, they can't get worse, or can they?
PE stands for Portable Executable. It's basically the filetype of .EXE, .DLL and any other executable binary code for Windows. So, it's not included in .EXE files, it is the .EXE file.
"If you're not part of the solution, you're part of the precipitate."
Yes, this was my reading of the situation as well, I should have said something more like "this file type includes ..." but as it was an "edit" I just wanted to get it out before anyone wasted time trying to answer my post.
Thanks for the clarification though.
Tim
Things have got to get better, they can't get worse, or can they?
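An added example, not part of any post in this thread: the point made above that PE is the file format itself, whatever the extension, can be checked from a file's header (an `MZ` DOS header whose offset field at 0x3C points to a `PE\0\0` signature). The names `is_pe`, `classify` and `SAMPLES` are hypothetical and the sample bytes are constructed; this is not ClamAV's own detection code.

```python
import struct

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    # The DOS header is 0x40 bytes; e_lfanew is its last field, at offset 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Reject offsets that point past the end of the file (truncated or bogus).
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def _constructed_pe(e_lfanew: int = 0x80) -> bytes:
    """Build a minimal constructed header: MZ, e_lfanew, PE signature."""
    buf = bytearray(e_lfanew + 4)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    return bytes(buf)

# Constructed sample inputs: file name -> leading bytes of the file.
SAMPLES = {
    "setup.exe": _constructed_pe(),
    "helper.dll": _constructed_pe(0x100),
    "saver.scr": _constructed_pe(0x40),
    # A PE image keeps its format when renamed to a harmless-looking extension.
    "renamed.jpg": _constructed_pe(),
    # Starts with "MZ" but the bytes at 0x3C are not a valid offset.
    "notes.txt": b"MZ is also how this plain text file starts" + b" " * 64,
    # MZ header whose e_lfanew points far beyond the end of the data.
    "truncated.sys": b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0xFFFF),
}

def classify(samples: dict) -> dict:
    """Map each sample name to whether its content is a PE image."""
    return {name: is_pe(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, pe in classify(SAMPLES).items():
        print(f"{name:15} {'PE' if pe else 'not PE'}")
```

Anything this reports as PE belongs to the file type that the quoted workaround stops scanning, which is why turning PE scanning off removes most of the value of scanning on Windows.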