--- clamav-0.88.7.orig/libclamav/mbox.c
+++ clamav-0.88.7/libclamav/mbox.c
@@ -3605,6 +3605,8 @@
char outname[NAME_MAX + 1];
time_t now;
+ sanitiseName(id);
+
snprintf(outname, sizeof(outname) - 1, "%s/%s", dir, id);
cli_dbgmsg("outname: %s\n", outname);