Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
http://www.securityfocus.com/bid/26463
http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069
http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html