Track clamav as well under CVE-2019-12900

	< bigeasy> clamav uses libbz2 but for some reasons the "nsis" scanner/decompressor has a decompress.c from bzip2
	< bigeasy> I just learnt about that while reading the release notes
	< bigeasy> well, and looking at the diff of course

Thanks: Sebastian A. Siewior