Advice Request Scanned with ClamAV after AVG, is this a FP or malware?

[hamdy]

I scanned my computer by AVG Internet Security unlimited. it gave me no infected files. and, it's okay you are safe. after that i used ClamAV to scan gave me this

C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8: Php.Exploit.CVE_2015_2331-1 FOUND
i want to know what is wrong in this file. i scanned it via VirusTotal - Free Online Virus, Malware and URL Scanner the file is safe. i upload the file for you to analyze the file.
baseimagefam8.infected

 

[Ink]

The only thing that comes to mind is, are you using the latest version of Java and all older versions uninstalled? Are you using the latest definitions for Clam?

Could be a False positive, see ClamWin Free Antivirus :: View topic - Php.Exploit.CVE

 

[Wave]

Well for what it's worth I downloaded the .infected, extracted it and took a browse through the files - the PE's are digitally signed by Oracle and are therefore genuine, however the signing stamp was from 2014 therefore the problem is most likely due to it being outdated like @Spawn suggested.

As for VirusTotal, the engine versions there are not always the same as the ones used in the actual Home/Enterprise products - they may be more aggressive or tuned to be weaker on VT.

 

[hamdy]

@Spawn yes, i am always update all Software and windows.
@Wave thanks

thanks guys to help me and explain