I think that getting one version of BOINC labeled as malware would get all versions flagged, it would be massively detrimental to non tech-savvy users to see that the software they understand to be solving cancer is potentially malware (Even if it's a false negative).

A better alternative would be to get BOINC projects to enforce mandatory minimum BOINC client versions & if they don't adhere to these minimum requirements they're voted out of the whitelist.