It appears this is a false positive caused by a recent daily update as
per the clamav-users mailing list
(http://lists.clamav.net/pipermail/clamav-users/2016-July/003150.html).
The thread was started yesterday which explains why I didn't find any
information in my initial google search. It was recently reported as a
false positive and the end of the thread says it has been removed
although a scan today still gave it as a result even after a freshclam.
Thanks for the help.
William
On 07/24/2016 11:43 PM, Iosif Fettich wrote:
This may be helpful to you:
https://www.clamxav.com/BB/viewtopic.php?f=1&t=4085&p=22064
I'm tipping a false positive with a new definition update. If you
haven't already, I would update to the latest definitions via
freshclam and look again.
If you feel its a security issue, you can try a 'yum verify' after
installing the yum-plugin-verify package. This will check files
installed on the system versus the packaged files. If all that comes
back good, then you should be ok.
A supplemental check can easily be done by submitting your suspect
file to
https://www.virustotal.com/en/.
ClamAV is giving rather often false positives, and some of then may
stay as such for long.
Best regards,
Iosif Fettich
