My client's using a theme that includes timthumb.php, which popped up in the quarantined files list on a recent complete scan but Anti-Malware didn't record it as a timthumb exploit. It's not in the quarantine folder, and I redownloaded timthumb from the google code site and renamed the original file. Everything's still working appropriately on the front end, but on a subsequent full scan it still shows up as quarantined (without actually having been quarantined).
We're running the current version of the plugin with current definitions.
Does this sound like a bug, or is there something else amiss with timthumb, as far as Anti-malware is concerned?