Apparently no one cares about a Clam AV vulnerability, try selling something people can get excited about like a remotely exploitable Vista/IE7 attack those are always great for business.Make it even better add a .net component and charge the same low low price.Reminds me of real dead crunchy frog.

So they've rejected some submissions because the discoverer reverse-engineered the code. This doesn't make the vulnerability go away, and doesn't stop someone who wants to exploit it from also reverse-engineering the code (such people won't be too worried about the legality of doing so). Also, no doubt the immediate response from the company that wrote the software would be to sue the discoverer and anyone else their lawyers could think of for trying to make money from it instead of fixing the code, so the rest of the user base would still be vulnerable.

Surely the best approach to finding a "remotely exploitable Vista/IE7" would be to write a fix, then patent it. Then you could simply hold M$ to ransom.

The exploit would be honestly concerning if anyone actually ran the product.

If you conducted a straw poll of Ubuntu/SuSE/Fedora users if they 'honestly' ran AntiVirus software, the answer would be ???

Making the xploit worth ?

** I've added Paris Hilton as the ICON, because she's really smart with all IT related issues - an inspiration to all.

...that the Clam AV team would have patched the vuln by now?

Isn't ClamWin based on the same code? or is the vulnerability only on Unix?

http://www.clamwin.com/