Everyday my daily scan report me :

/home/USER/logs/USER.org-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.org-May-2018.gz: Removed.
/home/USER/logs/USER.it-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.it-May-2018.gz: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 6544637
Engine version: 0.99.4
Scanned directories: 58793
Scanned files: 564986
Infected files: 2
Data scanned: 59258.29 MB
Data read: 58805.30 MB (ratio 1.01:1)
Time: 28593.130 sec (476 m 33 s)

centos 6.9 , cpanel/whm 70

please i need help or documentation to remove it
thanks

First, make sure this zipped file contains a virus. If you can locate the file, upload it to Virus Total and see what about 50 AVs (including our Clam AV engine) detect. If only Clam AV and a few other AVs detect it, it is probably a false positive. Virus Total should send false positive files to the AV companies so they can correct their signatures. I like to see at least 2 of these AVs detect a file: Avira, Bitdefender, Eset Nod 32, Kaspersky, and Sophos.

If the file is infected, use another AV to detect/remove it. You should be using another AV with ClamWin as your primary AV because ClamWin does not provide real-time protection. One of these free AVs will provide good detection/removal: Malwarebytes Free, Zemana Antimalware Free, Forticlient's Fortinet AV, Emsisoft Antimalware, or Windows Defender (Security Essentials on older computers). MBAM/Zemana/Emsisoft have a free trial, and Forticlient/Windows Defender are free anyway. If the AV can not detect/remove a virus, get into Windows Safe Mode (get Safe Mode instructions on the web) and then run another scan. Not all AVs will work in Safe Mode.

If no results, try deleting the file manually from the Windows Explorer right context menu if you can find it.

If the file is infected, there might be a registry entry (or even another malware) that sets it up each time you turn on the computer. One of the AVs mentioned above should take care of this for you.

Let us know how it goes.

Regards,

unfortunatly this is not a desktop pc it is a production server .
But you're right i must check if is a false positive before delete
So i change option to clamscan (--remove=no) and i do not delete file containing virus
tomorrow after daily process i will check

thanks

Okay. For production use, you should be using a real-time AV as primary. ClamWin can serve as a backup, but it does not have enough signatures for the types/number of viruses that you are likely to encounter in a production environment.

Regards,

The signature is an "unofficial" one that was not developed by the Clam AV team, so it is highly suspect as being a bad signature. Do you develop your own signatures? If so, you might want to remove it. If there is a real virus in a Gzip file, it is probably not dangerous until the file is unzipped an executed.

Regards,

If this type of scan summary you are getting by your antivirus then the antivirus which you are using is not working properly if you want real virus protection then use https://supportprop58.com/microsoft-office-support/ essential antivirus so that your system will be protected from the virus.