Roflek and Lolek of TK53 has published a couple new vulnerabilities in ClamAV. Specifically three vulnerabilities- a race condition, a way to bypass scanning in Base64 UUencoded files, and finally a failure in file existence checking that potentially allows an attacker to overwrite files. It's a good read, full details are here: http://seclists.org/fulldisclosure/2007/Dec/0625.html