PT-2007-5729 · Cisco · Clamav

Published: 2007-08-28 · Updated: 2018-10-15 · CVE-2007-4560

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ClamAV versions prior to 0.91.2

Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a certain popen call, involving the recipient field of sendmail, when clamav-milter is run in black hole mode.

Recommendations: For versions prior to 0.91.2, update to version 0.91.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the clamav-milter in black hole mode to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related identifiers

CVE-2007-4560
DSA-1366-1

Affected products

Clamav