I guess my follow-up question is: is the Secunia advisory flawed? I looked at the clamav.net release for .98.5, which referenced the CVE-2014-9050 article, both of which did not mention .98.5 being a patch for the highly critical vulnerability allowing execution of arbitrary code with elevated privileges. I Googled and only found one more article (which appeared to be a copy of the Secunia article) referencing this highly critical vulnerability on versions before .98.5, which obviously includes .98.4... or at least one would think...
Is it safe to continue to scan my system with ClamAV? Or would you wait until you can update it to .98.6?
I can obviously uninstall it and install my own version (but that will break cPanel features); the only thing that stops me is that I'll have to do this manually on quite a few servers, whereas cPanel updates it with new releases.
My concern is that someone could send an email with an attachment that exploits this vulnerability, it's scanned, and voila... arbitrary code execution happens on my server. With what privileges would incoming attachments be scanned? As the user account? e.g. /home/~user?
I occasionally run system-wide scans as root, which detect malicious files in some of the catch-all email accounts... I'm concerned one of them could try to exploit this if it is indeed exploitable... I occasionally clear these accounts out but need to block emails coming to them altogether.