A while a go I wrote an article on the tech jam blog about using anti virus / malware software on GNU / Linux systems using Clam AV., you can read this here. I decided to run this on my own system (hence the article). I then decided to re-install DOS box and run Windows 3.1 in dosbox to see if it still worked.
For some reason Clam AV seems to think some components of the Windows3.1 folder is malware, As I deleted these files windows.3.1 didn’t work so I had to re-install from a back up folder on a cd-rom to which my windows 3.1 floppy disks had been copied in order to make install easier when I originally had Windows 3.1.
I have just run ClamAV again and it came up with 8 threats, one was clearly a real threat, so got deleted, the rest were all files in my C-DRIVE folder.
This kind of goes to show this software can produce false positives, so be cautious when interpreting output scanning software.
It seems this can be caused by having the PUA (potentially unwanted Applications) box ticked in the settings
Third setting down. If you disable this then it may stop ClamAV picking up EXE files as problematic.