CVE-2007-4560
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
Date published : 2007-08-27
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html