SOLVED Clam Antivirus Scan Results

Hi all,

Since a few days I am receiving this message:

	Wed Apr  8 00:21:02 2020
Scanned Folder: //var/lib/clamav-unofficial-sigs/dbs-lmd/sigpack.tgz: Php.Exploit.C99-23 FOUND
/var/lib/clamav-unofficial-sigs/dbs-lmd/sigpack.tgz: moved to '/var/spool/clamav/quarantine/sigpack.tgz.014'
/var/lib/clamav-unofficial-sigs/dbs-lmd/rfxn.yara: Php.Exploit.C99-23 FOUND
/var/lib/clamav-unofficial-sigs/dbs-lmd/rfxn.yara: moved to '/var/spool/clamav/quarantine/rfxn.yara.014'

----------- SCAN SUMMARY -----------
Known viruses: 6804144
Engine version: 0.102.2
Scanned directories: 46260
Scanned files: 258046
Infected files: 2
Data scanned: 33855.27 MB
Data read: 24140.04 MB (ratio 1.40:1)

The day after, everything is OK.

But after a day and an update??? of ClamAV, I receive exactly the same message again.

My settings of ClamAV are standard.


-Why it is from: //var/lib/clamav-unofficial-sigs/… ?
-Is it not from CamAV itself ?
-Is there something wrong with my settings ?
-Am I infected ?

All suggestions appreciated,


I ported this application to cockpit and I saw it myself on my test machines. I suggest to exclude the path of this folder, maybe I should do it for all servers with my rpm

1 Like

Hi Stéphane,

Thank you for your suggestion. You reassure me.

I excluded: /var/lib/clamav-unofficial-sigs/dbs-lmd