The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.
http://www.idefense.com/application/poi/display?id=276&type=vulnerabilities&flashstatus=true
http://www.debian.org/security/2005/dsa-737
http://sourceforge.net/project/shownotes.php?release_id=336462