CVE-2008-1835
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
Date published : 2008-04-16
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html