February 24

New NIST documents released

The NIST (National Institute of Standards and Technology) has released 3 new documents:

1. SP 800-45 Version 2, Guidelines on Electronic Mail Security
2. SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS)
3. SP 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i

It was interesting to see how the documents complement each other. The e-mail document has good references to IDPS, which also includes good information regarding WLAN. Really nice, and it is recommended to take a look at least at the table of contents.

February 20

Oz PM health alert spammed with links to exploit

There are some reports of a spammed email with a hyperlink that ultimately attempts to install malware. The email targets Australians and references a heart attack that the Prime Minister has suffered; of course, no such heart attack has occurred.

The email tells the reader to go to Australia's "The Australian - keeping the nation informed" website but the link is not for the real "The Australian" website.

The bogus link is to austr-news com

AusCERT has issued an alert with additional details including the following malicious sites linked in variants of the email attack;

February 19

ClamAV security vulnerabilities

The ClamAV development team released version 0.90 of their open-source antivirus toolkit today. This version contains fixes for security vulnerabilities described in a number of iDefense advisories that were published today.

ClamAV CAB File Denial of Service Vulnerability (CVE-2007-0898)
Remote attackers can perform a service degradation attack by sending a malformed CAB file through a gateway scanner running ClamAV. The vulnerability can prevent ClamAV from scanning archives successfully by depleting the available local file descriptors. iDefense investigated a number of common setups and observed that in most cases, mails that cannot be scanned will be auto-denied.

ClamAV MIME Parsing Directory Traversal Vulnerability (CVE-2007-0897)
An input validation bug allows a remote user to overwrite files on the system that are owned by the clamd scanner. A potential target mentioned in the advisory is the virus database. By overwriting this file, the scanner's effectiveness against certain threats can be reduced significantly.

Both vulnerabilities were resolved in ClamAV's new stable 0.90 release, which was released yesterday. Do note that users who automatically download and install signature updates are not automatically covered. When vulnerabilities in antivirus software are addressed, it is important to understand whether they are fixed in the signatures or in the scanning engine.

Depending on the solution in use, most setups are configured to automatically update the former, while the latter may require separate upgrades. One user wrote in with the really good idea of leveraging the common logwatch tool to check for the typical Freshclam error:

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.90
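
One way to run that check as a standalone shell function, for cron or as the core of a log filter. This is an added example, not code from the original post or from the ClamAV or logwatch projects; it assumes each freshclam run logs a "ClamAV update process started" line, and the sample log is constructed around the two warning lines quoted above.

```shell
#!/bin/sh
# freshclam_engine_status LOGFILE
# Prints "OUTDATED local=<v> recommended=<v>" and returns 1 when the most
# recent freshclam run warned that the scanning engine is outdated;
# prints "OK" and returns 0 otherwise. Signature updates alone never clear
# this warning, only an engine upgrade does.
freshclam_engine_status() {
    awk '
        # Assumed run marker: reset state so only the latest run counts.
        /ClamAV update process started/ { outdated = 0; loc = ""; rec = "" }
        /WARNING: Your ClamAV installation is OUTDATED!/ { outdated = 1 }
        /WARNING: Local version:/ {
            # Search by field so an optional timestamp prefix does not matter.
            for (i = 1; i <= NF; i++) {
                if ($i == "Local" && $(i+1) == "version:") loc = $(i+2)
                if ($i == "Recommended" && $(i+1) == "version:") rec = $(i+2)
            }
        }
        END {
            if (outdated) {
                printf "OUTDATED local=%s recommended=%s\n", loc, rec
                exit 1
            }
            print "OK"
        }
    ' "$1"
}

# Constructed sample log (timestamp invented for illustration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ClamAV update process started at Mon Feb 19 08:00:01 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.90
EOF
freshclam_engine_status "$sample" || echo "engine upgrade required"
rm -f "$sample"
```

Point the function at the real freshclam log and alert on a non-zero exit status.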

Windows Easy Transfer Companion (Beta)

Windows Easy Transfer Companion enables you to automatically transfer your most important programs from your Windows XP-based PC to your new Windows Vista-based PC. The software will move more than 100 of the most popular programs, as well as many others that you may have installed. You have complete control over selecting which programs to transfer, so only the programs you care about will move. The software will alert you if some programs may not be able to transfer, or may not transfer with high confidence. Most security software is not able to transfer due to technical reasons.
Easy Transfer Companion is designed to be used in addition to Windows Easy Transfer, which is part of Windows Vista and automatically transfers your data and settings. Connecting your two computers can be done with either an Easy Transfer Cable (available online, from retailers, and from PC manufacturers), or a home or small business network. If using an Easy Transfer Cable, you must first install Windows Easy Transfer on your Windows XP-based PC. By using Easy Transfer and Easy Transfer Companion you will be able to quickly and easily set up your new PC with all the data, settings, and programs that matter to you, so you can be productive on your new PC right away.
Easy Transfer Companion only transfers programs from a Windows XP-based PC to a Windows Vista-based PC. Easy Transfer Companion is currently in Beta, and only available for the US market.

Download at Microsoft Downloads