Clamav had been found vulnerable to multiple vulnerabilities:
Improper checking for the end of an buffer causing an unspecified attack vector. Insecure temporary file handling, which could be exploited to read sensitive information. A flaw in the parser engine which could allow a remote attacker to bypass the scanning of RAR files. A flaw in libclamav/unrar.c which could cause a remote Denial of Service (DoS) by sending a specially crafted RAR file with a modified vm_codesize. A flaw in the OLE2 parser which could cause a remote Denial of Service (DoS).