ClamXav detects Andr.Exploit.Ratc in 1.6 update?

I am using ClamXav on OSX 10.9.5. After accidentally unzipping the 1.6 FairPhone-update (/FP1_Fairphone_OS_1G13G_v1_6_OTA_2014-07-31) it got scanned by ClamXav and the following warning was produced:

/FP1_Fairphone_OS_1G13G_v1_6_OTA_2014-07-31/system/bin/vold: Andr.Exploit.Ratc FOUND

The zipped version of the updater gets scanned without warning.
Is this a false positive or should I be concerned that this malware has found its way into the installer?

ClamXav Version: 2.6.4
Engine Version: 0.98.4

Yes and no… FP contains a ‘danger of exploit’ simply because the phone is rooted by default. So it’s both a positive and a ‘false’ one. Thus no need to worry, at least not if this thread, and FP’s developer team, are trustworthy:
http://forum.xda-developers.com/showthread.php?t=2791343

2 Likes

Thx for the answer and for pointing me to that thread.
I have since scanned some older versions of the FP OS and got the same warning. Interesting how one person’s phone-freedom can be another person’s exploit :)