On Tue, Aug 6, 2019 at 5:23 PM Henrik Hoeg Thomsen1 via clamav-users <clamav-users@lists.clamav.net> wrote:

Running on SUSE sles 12 sp2 servers.

rpm -qa | grep clamav
clamav-0.100.3-33.21.1.x86_64

This is what i call the engine. The actual version af clamav proccess active on my server.

I just want to know how to figure out if this build has known vulnerabillities.

Short version: ask suse or whoever build your package.

The CVE page should list most recent issue first, and the linked bugzilla will show which version has the fix.

However distros (e.g. suse, redhat) often backport security fixes, so it's possible that your particular build already has it. The distro should have somekind of changelog for that package. For example, https://www.suse.com/support/update/announcement/2019/suse-su-20190897-1/

Fajar