Hi,
some of my customers have warned me about this, I've checked the folder of one of a new RC installation with the ClamAV engine and standard malware signatures and I've found this:
{CAV}MBL_367798 : roundcubemail-0.8.6/program/include/main.inc
This happen with a lot of antivirus and with maldet too (http://www.rfxn.com/projects/linux-malware-detect/)
OF COURSE it's not a RC fail but how we can warn the AV vendors?