It appears this is a false positive caused by a recent daily update as
per the clamav-users mailing list
(http://lists.clamav.net/pipermail/clamav-users/2016-July/003150.html).
The thread was started yesterday which explains why I didn't find any
information in my initial google search. It was recently reported as a
false positive and the end of the thread says it has been removed
although a scan today still gave it as a result even after a freshclam.
Thanks for the help.
William
On 07/24/2016 11:43 PM, Iosif Fettich wrote:
>> This may be helpful to you:
>> https://www.clamxav.com/BB/viewtopic.php?f=1&t=4085&p=22064
>>
>> I'm tipping a false positive with a new definition update. If you
>> haven't already, I would update to the latest definitions via
>> freshclam and look again.
>>
>> If you feel its a security issue, you can try a 'yum verify' after
>> installing the yum-plugin-verify package. This will check files
>> installed on the system versus the packaged files. If all that comes
>> back good, then you should be ok.
>
> A supplemental check can easily be done by submitting your suspect
> file to
> https://www.virustotal.com/en/.
>
> ClamAV is giving rather often false positives, and some of then may
> stay as such for long.
>
> Best regards,
>
> Iosif Fettich