ClamAV Claims Something Is a Virus That Is Not

denverdataman

cPanel Access Level: Root Administrator
I have ConfigServer eXploit Scanner (cxs) scanning files with ClamAV. Last night at about 2 AM (presumably when an update was done to the ClamAV signatures) I started getting hundreds of messages that ClamAV has detected a virus - ClamAV detected virus = [Win.Exploit.CVE_2016_3316-1]. After more research, this exploit is not a virus. I do not know why specific .doc files are being tagged with this exploit, but my research shows that no specific document can have this bug more than any other document.

I would like to tell ClamAV not to scan for Win.Exploit.CVE_2016_3316-1 at all. Any help on doing this is greatly appreciated.

Thanks,
Steve
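
One way to do what the post above asks, as an added example that is not part of the thread and not cxs or cPanel code: ClamAV skips any signature whose name is listed, one per line, in a `.ign2` file in its database directory. The directory default, the file name `local.ign2` and the function names are assumptions; set `CLAMAV_DB_DIR` to the database directory your scanner actually uses.

```shell
#!/bin/sh
# Added example: maintain a local ClamAV signature ignore list (.ign2).
# ASSUMPTION: database directory; override CLAMAV_DB_DIR for your install.
CLAMAV_DB_DIR="${CLAMAV_DB_DIR:-/var/lib/clamav}"
IGN_FILE_NAME="local.ign2"   # hypothetical name; ClamAV loads *.ign2 files here

# Accept the name as scanners print it: strip [brackets] and ".UNOFFICIAL".
normalize_sig() {
    printf '%s' "$1" | sed -e 's/^\[//' -e 's/\]$//' -e 's/\.UNOFFICIAL$//'
}

# Only plain signature-name characters may be written to the ignore file.
valid_sig() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

is_ignored() {
    sig=$(normalize_sig "$1")
    [ -f "$CLAMAV_DB_DIR/$IGN_FILE_NAME" ] &&
        grep -Fxq -- "$sig" "$CLAMAV_DB_DIR/$IGN_FILE_NAME"
}

# Add a signature name once (idempotent).
ignore_sig() {
    sig=$(normalize_sig "$1")
    valid_sig "$sig" || { echo "refusing signature name: $1" >&2; return 2; }
    file="$CLAMAV_DB_DIR/$IGN_FILE_NAME"
    if [ -f "$file" ] && grep -Fxq -- "$sig" "$file"; then return 0; fi
    printf '%s\n' "$sig" >> "$file" && chmod 644 "$file"
}

# Remove the entry again once a corrected signature has shipped.
unignore_sig() {
    sig=$(normalize_sig "$1")
    file="$CLAMAV_DB_DIR/$IGN_FILE_NAME"
    [ -f "$file" ] || return 0
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # grep exits 1 when no lines remain; only a real error (2) aborts.
    grep -Fxv -- "$sig" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$file"
}

case "${1:-}" in
    add)    ignore_sig "$2" ;;
    remove) unignore_sig "$2" ;;
esac
```

clamscan reads the ignore file on every run, while a running clamd only picks it up after a database reload or restart. An ignored signature is switched off for every file scanned, so the entry should come out again once the signature is corrected upstream.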
 

MarkDalton

cPanel Access Level: Root Administrator
Yesterday we started to receive complaints of email being blocked because they contained a virus Win.Exploit.CVE_2016_3316-1.

This forum post would seem to indicate that it is a False Positive.
discussions.apple.com/thread/7634186?start=0&tstart=0

Anybody able to confirm? Do we know timelines for an updated signature set?
 