It's been in the database for many years, so doubt that it's invalid, but could still be an FP in your specific case. The signature looks like this:

VIRUS NAME: Html.Trojan.Exploit-112
TARGET TYPE: HTML
OFFSET: *
bc f3 e3 f2 e9 f0 f4
[I padded the hex string with spaces to prevent this e-mail from being detected].

ClamAV doesn't publish detailed information most of it's signatures. Only the original signature writer might have it in his notes and I doubt he still works for them. Each vendor uses it's own unique name for signatures, so it's no wonder you weren't able to find anything, although I did find this from Dec 2017 which appears to believe it might be a False Positive from a Time Machine backup: <https://forum.qnapclub.de/thread/45902-virenfund-timemachinebackup-wie-finde-ich-die-dateien-auf-dem-macbook/>.

You should upload that file to <https://www.virustotal.com> to help make your case.

Then it should be uploaded to <http://www.clamav.net/reports/fp> so that it get's to the ClamAV signature team for resolution.

You may get faster results if you post the link to VirusTotal results and a hash value for the file back here, to make it easier for all to help resolve it.

-Al-

> On Mar 4, 2019, at 00:24, Henrik Hoeg Thomsen1 via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Our Clamav scan just reported this signature to be forund in one of my syslogarchives.
>
> Html.Trojan.Exploit-112 FOUND
>
> My best guess is that it is false-positive, as  this filesystem is totally isolated from any interactive user access.
>
> But where can i find the details behind this alert ?
>
> Google has no match on this.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml