are there updates for this CVE with ClamAV f. CentOS 6 in progress?
The CentOS Project does not release ClamAV. What repo are you getting it from? I see that it does exist in EPEL.
from EPEL repo
This is where you file bugs:
CentOS doesn’t maintain clamav.
The ClamAV people just announced the release of production 0.99.3. It addresses CVE-2017- 12374-12380. See < http://blog.clamav.net/> for their details, and as indicated, the epel people for timing of their packaging and release of this.