Today my DiskStation emailed me about detecting malware in the system files. When I looked at the log, I saw this:
Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip
It appears this is a false positive in the ClamAV database.
Further reading: https://www.clamxav.com/BB/viewtopic.php?f=1&t=4186&hilit=php.exploit
If your Synology reports the same, simply restore the quarantined file, update virus definitions, and re-scan. It should come up clean. If you had configured Antivirus Essential to automatically delete files, you may have to restore the DSM OS to get the file back.
