If Sourcefire hasn't done anything to worry about with Snort in the last 4 years, Im sure clamav is safe as well. The bulk of virus signatures are user submitted anyway, not created by clamav so... nothing to see here folks. PS- F-prot works just fine in qmail-scanner too... along with kaspersky, sophos, nod32, etc.
I'll get qmail-scanner for CentOS5 done soon. I'm running into a weird build problem with maildrop on that platform, thats the only hangup (anyone want to debug maildrop builds in mock?).