A vulnerability in ClamAV allows attackers to supply the program with a malformed MEW PE file which in turn will cause the program to overflow an internal buffer and execute arbitrary code, the following exploit code can be used to test the problem.

http://www.securiteam.com/exploits/5KP032AN5G.html