A flaw was found in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. References: https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html http://lists.clamav.net/pipermail/clamav-announce/2018/000033.html
Updates are already pending: https://bodhi.fedoraproject.org/updates/clamav-0.100.2-2.fc27 https://bodhi.fedoraproject.org/updates/clamav-0.100.2-2.fc28 https://bodhi.fedoraproject.org/updates/clamav-0.100.2-2.fc29
per comment #1