I have received a Clamav-announce
ClamAV versions older than 0.96.4 are affected by a bug in the logical
signature parser, which can make them load and mishandle signatures
designed for newer engines. As a result, these versions may generate
incorrect detections, leading to false positive alerts.
If you're running one of these releases, we strongly advise to upgrade it.
The version using by ispconfig 2.2.37 is 0.96.1
A new version of ispconfig with last version is scheduled or how to upgrade clamav