Synology Antivirus Essential detects PHP.Exploit.CVE_2015_2331-3

Today my DiskStation emailed me about detecting malware in the system files. When I looked at the log, I saw this:

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

It appears this is a false positive in the ClamAV database.

Further reading:

If your Synology reports the same, simply restore the quarantined file, update virus definitions, and re-scan. It should come up clean. If you had configured Antivirus Essential to automatically delete files, you may have to restore the DSM OS to get the file back.



  1. #1 by rlescaille on August 30, 2015 - 2:18 pm

    I had the exact same notification when I woke up this morning. I also found the same ClamAV thread you found and updated my virus definitions before restoring and re-scanning. No issues since. Glad it’s a false positive but admittedly my heart did skip a beat. Glad I found your post.

  2. #2 by Chris on August 31, 2015 - 2:22 am

    Me three!

    Maybe one NAS isn’t enough. :)