clamav-0.91.2 is already available. Repo version is 0.91.1. Please update the package. If you have any questions or suggestions related to Fever, feel free to write them in this bug or have a look at http://fedoraproject.org/wiki/PackageMaintainers/FEver Don't send any messages to fevapp at o2.pl please.
New upstream version fixes multiple DoS vulnerabilities (hence severity: high), as described e.g. here: http://secunia.com/advisories/26530/ No CVE name was assigned to those issue yet.
Found CVE name: CVE-2007-4510 Description: ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
Could you push this package (if it is ready) to F7 updates: http://koji.fedoraproject.org/koji/buildinfo?buildID=16075
clamav-0.91.2-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Found CVE name: CVE-2007-4560 Description (c/p from http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560): clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."