http://www.quantenblog.net/security/virus-scanner-bypass See url, patch with fix is here: http://cvsweb.clamav.net/bin/cgi/viewvc.cgi/clamav-devel/libclamav/message.c?r1=1.191&r2=1.192 (applies to both 0.88.x and 0.90rcx)
Reassigning to antivirus team, the security team doesnt usually handle bugs of class "anti-virus bypass".
I have a fix that makes clamav detect the virus in nested base64-encoded attachments. However, this is only part of the problem - if enough nestings are used, clamd crashes. This is being solved in security bug #157698, marking this one as dupe as not to duplicate effort. *** This bug has been marked as a duplicate of 157698 ***