It looks like the problem was with the clamav user. It has double shadow and passwd entries. Oops.
The older clamav packages doesn't create the clamav user and group automatically so I had control over the UID and GID of these. With older clamav (0.95.3) you needed to create clamav user and clamav group by hand.
It was usually UID 210 and GID 210. This was good because I reserved UIDs above 1000 for users. This makes the user synchronization with backup server simple for me.
When I installed a new server with upgraded clamav (0.97) the package automatically created the user with UID in this userspace (something like 1040). This caused that when I merged the passwd file the high UID clamav user was included too. So I had two clamav users with UID 210 and UID 1040.
It looks like that this caused the saslauthd crash.
Probably this is the risk when you use not tested packages.
I built the package from the clamav 0.97 source since the latest version on slackbuilds.org is 0.95.2. I know that there is also some more up-to-date version but I was curious if it will work with 0.97.
Sorry, I was wrong I found this right now: