ClamAv Claims Something is a Virus That is Not

denverdataman

Active Member
Jun 21, 2016
33
2
8
Denver
cPanel Access Level
Root Administrator
I have ConfigServer eXploit Scanner (cxs) scanning files with ClamAV. Last night at about 2AM (presumably when an update was done to the ClamAv signatures) I started getting hundreds of messages that ClamAV has detected a virus - ClamAV detected virus = [Win.Exploit.CVE_2016_3316-1]. After more research, this exploit is not a virus. I do not know why specific .doc files are being tagged with this exploit but my research shows that no specific document can have this bug more than any other document.

I would like to tell ClamAv not to scan for Win.Exploit.CVE_2016_3316-1 at all. Any help on doing this is greatly appreciated.

Thanks,
Steve
 

MarkDalton

Active Member
Mar 16, 2013
38
1
8
cPanel Access Level
Root Administrator
Yesterday we started to receive complaints of email being blocked because they contained a virus Win.Exploit.CVE_2016_3316-1.

This forum post would seem to indicate that it is a False Positive.
discussions.apple.com/thread/7634186?start=0&tstart=0
I get message Infected with virus Win.Exploit.C... | Official Apple Support Communities

Anybody able to confirm? Do we know timelines for an updated signature set?
 
Last edited by a moderator: