Thanks for your help, Pterobyte.
With all due respect, "God forbid" one should apply an update to a production server without vetting that update on a testing server, let alone having a full & known-good backup
prior to applying any update, before the very necessary step of carefully inspecting the content(s) of said update prior to applying it.
This is a server we are talking about, and due diligence is called for as a matter of best-practices,
regardless of what platform - hardware and software - is in use.
You can use pkgutil
man pkgutil
or the Flat Packager Editor that comes with the free Developer tools, or Pacifist, to readily determined the contents of any update.
So we see that there's a significant amount of Perl material. Also some actions pertaining to clamav and postfix, which personally I'd take a good look at prior to proceeding. The postfix script seems innocuous enough, whereas UpgradeClamAV is a compiled binary. Running "strings" on it makes it look as though it makes changes to the (Apple-supplied, default) clamav config file, so that'd be another key point.
Etc.