http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6406 "ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file." All FC3+ Extras repos have 0.88.6 at the moment.