Great, thanks!

All I had to do was writing an new.ldb rule with hex patterns to search for:

Sig1;Target:4;(0|1|2|3|4|5|6|7|8|9|10|11|12);e2e5ede0eb;c2c5cdc0cb;fe32;de32;d7c5cec1cc;f7e5eee1ec;c032;e032;d0b2d0b5d0bdd0b0d0bb;d092d095d09dd090d09b;d18e32;d0ae32;7576656e616c

and run clamscan:

clamscan -f ~/list -i -d ~/new.ldb

On Wed, 2019-03-06 at 10:50 +0100, Arnaud Jacques wrote:

Hello Alex,

We do have a large IMAP ~200GB, and in order to find letters
containing specific "keyword",
grep is not good because of base64 encoding. So the idea is to look
through with antivirus scanner for "virus" inside letters, which is
not a virus but a (not sure, may be) "bytecode signature" = "keyword"

Sounds good? A link to a howto will be appreciated.

Yes it is possible. Please see the official documentation :
https://www.clamav.net/documents/creating-signatures-for-clamav