GhostlyDeath
Joined: 05 Feb 2012
Posts: 0
Posted: Sun Feb 05, 2012 8:32 am

Don't know if this has been fixed yet, but ClamAV trashed my entire MIDI collection on 2012/01/15 with the false positive BC.Exploit.CVE_2012_0003.
Luckily, the virus-scanning script I made moves the files to a directory, encrypts each file (with aespipe) using a UUID as the password, then places the UUID in the file name along with the original name and a date. Thus "XVIRUS_20120115_010002__cfe80abe-0c8c-4621-a93d-4dd8f2021ae5__d_runnin.mid" is born, where "cfe80abe-0c8c-4621-a93d-4dd8f2021ae5" is the encryption key. Encryption prevents accidental usage of the file, and the date corresponds to a log file.
I'm glad to see that ClamAV didn't blindly overwrite files with the same name and instead padded numbers after them.
So reversing this process will be quite painful and time-consuming, as I'd have to run this on every MIDI, then grep through the log file to see where the file should belong.
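The reversal the post above describes (pick the UUID out of the quarantine file name, feed it back to aespipe, write the file out under its original name) can be scripted rather than done by hand. The following is an added example, not the poster's own script: the file-name layout is inferred from the single example name quoted in the post, the one-log-file-per-day naming is an assumption (the post only says the date "corresponds to a log file"), and the aespipe flags assume the files were encrypted with aespipe's defaults, since any cipher or hash options used at encryption time are not given and would have to be repeated when decrypting.

```python
import os
import re
import subprocess
import tempfile
from dataclasses import dataclass
from datetime import datetime
from pathlib import Path

# Assumed layout, inferred from the one example name in the post:
#   XVIRUS_<YYYYMMDD>_<HHMMSS>__<uuid>__<original name>
# The UUID between the double underscores is the aespipe passphrase.
HEX = "[0-9a-fA-F]"
QUARANTINE_RE = re.compile(
    r"^XVIRUS_(?P<date>\d{8})_(?P<time>\d{6})__"
    rf"(?P<key>{HEX}{{8}}-{HEX}{{4}}-{HEX}{{4}}-{HEX}{{4}}-{HEX}{{12}})__"
    r"(?P<original>.+)$"
)


@dataclass(frozen=True)
class QuarantineEntry:
    quarantined_at: datetime   # from the date/time fields
    key: str                   # the UUID used as the aespipe passphrase
    original_name: str         # file name before quarantine


def parse_quarantine_name(name: str) -> QuarantineEntry:
    """Split a quarantine file name into its fields; reject anything else."""
    m = QUARANTINE_RE.match(name)
    if m is None:
        raise ValueError(f"not a quarantine file name: {name!r}")
    stamp = datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S")
    return QuarantineEntry(stamp, m["key"], m["original"])


def log_name_for(entry: QuarantineEntry) -> str:
    """Assumed log naming (one file per quarantine day); not stated in the post."""
    return entry.quarantined_at.strftime("XVIRUS_%Y%m%d.log")


def decrypt_command(passfile: str) -> list:
    """aespipe invocation that reverses the encryption: -d decrypts, -P reads
    the passphrase from a file.  Non-default cipher/hash options used when
    encrypting (unknown here) would have to be added to this list."""
    return ["aespipe", "-d", "-P", passfile]


def restore(quarantined: Path, dest_dir: Path) -> Path:
    """Decrypt one quarantined file back into dest_dir under its original name."""
    entry = parse_quarantine_name(quarantined.name)
    target = dest_dir / entry.original_name
    if target.exists():
        raise FileExistsError(f"refusing to overwrite {target}")
    # aespipe takes its passphrase from a file (-P) or descriptor (-p), not
    # from argv, so the UUID goes through a short-lived temp file.
    fd, passfile = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w") as pf:
            pf.write(entry.key + "\n")
        with quarantined.open("rb") as src, target.open("wb") as dst:
            subprocess.run(decrypt_command(passfile), stdin=src, stdout=dst, check=True)
    finally:
        os.unlink(passfile)
    return target


if __name__ == "__main__":
    import sys
    # Dry run: show what each quarantined name decodes to and which log to grep.
    for arg in sys.argv[1:]:
        e = parse_quarantine_name(Path(arg).name)
        print(f"{arg}: original={e.original_name} key={e.key} log={log_name_for(e)}")
```

Because the passphrase is part of the file name, anyone holding the quarantined file also holds the key; the scheme stops a MIDI player or scanner from opening the file by accident, as the post says, and nothing more. `restore()` refuses to overwrite an existing target, which matters here since the poster's collection contained duplicate names and the original location still has to be looked up in the day's log.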
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Feb 05, 2012 3:33 pm

Are you using ClamAV or ClamWin? This is the ClamWin forum, but you mentioned ClamAV. If you are using a recent version of ClamWin, there is a Quarantine Browser which can restore files from quarantine. Once restored, you should report them to ClamAV (which furnishes its scan engine and virus signatures for ClamWin). Then you can exclude the MIDI directory or the .mid extension from further ClamWin scans until the false positive is corrected.
Regards,