You may want to see if you still get the warning
* after you update ClamXav's signature file to
Daily CVD 15471 or later (current version is 15472, the flagging update was Daily 15462).
It's suggested that the PHP.Exploit.CVE_2011_4153-2 flag is no longer raised with the newer updates, although ClamXav did not provide further details about its previous inclusion either. As Alvarnell mentioned above,
it looks like this file contains vulnerabilities and not malware per se.
*) This may not be conclusive as I don't know if ClamXav includes the Quarantine folder in its scan. If possible you may want to scan first before updating the signature file to find out, and then update. If you set ClamXav to auto-update the signature file, however, this pre-update check obviously won't work. That's also true if you're running ClamXav Sentry, as Sentry can be configured to auto-update on startup as well.
