For a few hours today, one of the mirrors had a corrupt version of phish.ndb.gz.
After being alerted to the fact by a user, I informed the mirror admin about the issue and the problem was then fixed.
The scripts on the SaneSecurity site, check the integrity of the signatures before being moved into the ClamAV database directory for use... and have done for some time.
This is important not only for the SaneSecurity signatures but indeed for any Third-Party signatures, as if you move a corrupt signature file into the ClamAV directory, it's going to stop ClamAV from scanning your emails, until you sort the problem out.
If you're running your own script or have an old version of the SaneSecurity scripts, it might be worth updating them:
I do always check signature integrity before uploading... so they leave here fine... but the end-user must always double-check their download integrity before use.
Apologies for the corrupt file and any problems caused.