I just downloaded samba-4.4.0.tar.gz (the latest) from samba.org, and, after downloading via HTTPS, ClamAV (0.99.1/21479) reports that the gz file contains Win.Trojan.Qhost-106. In particular, the single file wintest.py in the subdirectory wintest is reported.