osx.work.inqtana-3 detected in rkhunter-1.4.0.tar.gz
Marc W2


Joined: 14 Nov 2013
Posts: 0
Most probably a false positive. When I Google it, I see more posts about it on diverse forums. Osx.work.inqtana is a worm for Mac OS X using Java and Bluetooth vulnerabilities.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
It might be a real infection--upload it to Jotti or Virus Total online scanners to verify it. I like to see at least 2 of these AVs detect something: Avira AntiVir, Bitdefender, Eset Nod 32, Kaspersky, and Sophos. Keep in mind that not many AVs will detect a brand new infection (say only a couple of days old--look at the last scan date. Virus Total has additional information that tells the date first seen). Also be aware that some AVs do not do a good job at detecting non-Windows PE malware--like Mac stuff, MS Office stuff, JavaScript, and HTML files (exploit files). These AVs seem to be a bit better than most at new/exploit stuff: Avira AntiVir, Eset Nod32, and Sophos. By the time a malware file has been around a week or so, lots of AVs should detect it.

Report all false positives to Clam AV so they can change their signature. At the Clam AV web site, select "submit a file" and then select the false positive choice. They will correct the signature within several days. All ClamWin users will benefit from your efforts.

Thanks for using ClamWin!

Regards,
Marc W2


Joined: 14 Nov 2013
Posts: 0
I have scanned it on Virus Total and all other AV software did not detect it as a positive. Avira AntiVir, Bitdefender, Eset Nod 32, Kaspersky, and Sophos all had update 20140410.

I found the place where to upload the file with the FP to ClamWin, but I get this message:

Please only submit ZIP archives encrypted with password virus.

Please correct the above errors and retry. Thank you for helping the ClamAV project.

So I am not sure what I have to do here. I have browsed to the file rkhunter-1.4.0.tar.gz but is that the file I should upload? The message indicates it is not?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I've never uploaded a zipped tarball (.tar) file to Clam AV, so perhaps they are not set up for it, but that surprises me. If Clam detects the file, their submission interface should be set up to process it. Anyway, if you uploaded it to Virus Total and Clam AV is the only AV that detected it, I think Virus Total will send it to Clam as a false positive anyway, so you have done the job.

You could wait a day or so and see if the detection on Virus Total changes. Exclude the file from future ClamWin scans (configure, filters, exclude matching filenames) if it is a false positive. Signature changes have to be made manually, and no sigmakers work on Clam AV full-time, so give them about 10 days to be sure, and then you can delete that filter.

Regards,
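The rule of thumb from GuitarBob's replies above (at least two of the named engines, with allowance for samples only a few days old), written out as an added Python example that is not part of any post and is not ClamWin or Virus Total code. The function name `triage`, the report dictionary and both dates are constructed for illustration, and the 7-day cutoff is an assumption taken from "a week or so".

```python
from datetime import date

def _norm(name):
    # The thread spells one engine both "Eset Nod 32" and "Eset Nod32".
    return name.lower().replace(" ", "")

# Engines named in the thread as the ones whose agreement matters.
TRUSTED = {_norm(n) for n in
           ("Avira AntiVir", "Bitdefender", "Eset Nod32", "Kaspersky", "Sophos")}
MIN_TRUSTED_HITS = 2    # "at least 2 of these AVs detect something"
MATURE_AFTER_DAYS = 7   # assumption: "around a week or so"

def triage(results, first_seen, scanned_on):
    """Classify a multi-scanner report.

    results: engine name -> detection name, or None when the engine is clean.
    first_seen, scanned_on: dates read from the scanner report.
    """
    hits = {engine: sig for engine, sig in results.items() if sig}
    trusted_hits = sorted(e for e in hits if _norm(e) in TRUSTED)
    age_days = (scanned_on - first_seen).days
    if len(trusted_hits) >= MIN_TRUSTED_HITS:
        verdict = "likely malicious"
    elif age_days < MATURE_AFTER_DAYS:
        # Few engines detect a sample that is only days old: rescan later.
        verdict = "inconclusive: rescan later"
    elif not hits:
        verdict = "clean"
    elif len(hits) == 1:
        # A lone detection on a mature sample: report it to that vendor.
        verdict = "likely false positive: report to " + next(iter(hits))
    else:
        verdict = "inconclusive: manual review"
    return {"verdict": verdict, "trusted_hits": trusted_hits,
            "age_days": age_days}

# Constructed report mirroring the thread: only ClamAV flags the tarball.
SAMPLE = {"ClamAV": "osx.work.inqtana-3", "Avira AntiVir": None,
          "Bitdefender": None, "Eset Nod 32": None,
          "Kaspersky": None, "Sophos": None}

if __name__ == "__main__":
    # Constructed dates; the thread does not give a first-seen date.
    print(triage(SAMPLE, date(2014, 1, 10), date(2014, 4, 10)))
```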