@samtuke @aohren This problem has just happened on my shared hosting account causing the account to be suspended. I had just upgraded to 3.3.9-RC1 and ClamAV found a problem with the same file in the new release and in the backup of phplist 3.3.8 backup that was made.
Critical! - File Access Disabled - /home/dcameron/public_html/lists/admin/plugins/CKEditorPlugin/kcfinder/cache/base.js - ['/home/dcameron/public_html/lists/admin/plugins/CKEditorPlugin/kcfinder/cache/base.js'] - ClamAV detected virus = [Txt.Trojan.Coinminer-6840768-0]
Critical! - File Access Disabled - /home/dcameron/phplist/update/lists_3.3.8_201902051842/admin/plugins/CKEditorPlugin/kcfinder/cache/base.js - ['/home/dcameron/phplist/update/lists_3.3.8_201902051842/admin/plugins/CKEditorPlugin/kcfinder/cache/base.js'] - ClamAV detected virus = [Txt.Trojan.Coinminer-6840768-0]
In my case the file that appears to fail scanning by ClamAV is in the KCFinder package within the CKEditor plugin. I have compared the file in the 3.3.9-RC1 zip file to that in the Github repository and they are the same, so as the file has not changed then I guess it may be false positive with ClamAV.