A virus signature update today by ClamAV is causing emails with Microsoft Word attachments to be incorrectly identified as having a Tojan virus infection “Win.Exploit.CVE_2016_3316-1”.
ClamAV is widely used as an anti-virus scanner on Linux servers. That includes all Anno servers and also prominent security vendors such as Barracuda.
ClamAV update 22060 today caused Word document to be incorrectly tag as being infected with a Trojan virus. The ClamAV folks were quick to fix this problem in update 22063.
Our servers are already using the latest (fixed) version, but it may take a while for the fix to filter down to other ISPs. If you see this error, then a way to work around it to avoid DOC or DOCX email attachments for the time being:
- Share the document via a service such a DropBox.
- Zip your document with a password, and then attach it. Zipping with a password will prevent ClamAV from opening the attachment for scanning.