Just ran ClamAV on a machine. You might find these entries in the log amusing:
/usr/local/programs/amber/amber11/doc/AmberTools.pdf: Suspect.PDF.ObfuscatedJS-1 FOUND
/usr/local/programs/amber/amber11/doc/leap_pg.pdf: Suspect.PDF.ObfuscatedJS-1 FOUND
/usr/local/programs/amber/amber11/AmberTools/src/gleap/leapdoc/leap_pg.pdf: Suspect.PDF.ObfuscatedJS-1 FOUND
I don't think they mean the docs are compromised. The md5sum for the leap_pg.pdf there is the same as on two other machines, including the git repo that I just updated. I'm sure there's some internal check the files don't pass, but I don't know what. Based on a cursory Googling, I think there is an evil and hard-to-detect exploit involving JavaScript embedded in PDF files, and these files must look somehow as if they have it.
I'm sure this isn't worth losing sleep over, but figured you'd want to know.
:-) Lachele
--
B. Lachele Foley, PhD '92,'02
Assistant Research Scientist
Complex Carbohydrate Research Center, UGA
706-542-0263
lfoley.ccrc.uga.edu
_______________________________________________
AMBER-Developers mailing list
AMBER-Developers.ambermd.org
http://lists.ambermd.org/mailman/listinfo/amber-developers
Received on Tue May 25 2010 - 18:30:03 PDT
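
Added example, not part of the original message: a small triage script for the check described above, which parses the "FOUND" lines of a ClamAV scan log and compares each flagged file's digest with one recorded from a trusted copy. It uses SHA-256 rather than md5sum; the function names, the reference manifest and the sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# clamscan detection line: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_found(log_text):
    """Return (path, signature) for each detection line in a scan log."""
    matches = (FOUND_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m["path"], m["sig"]) for m in matches if m]

def sha256_of(path):
    """Hex SHA-256 of a file, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(log_text, reference):
    """Map each flagged path to (signature, verdict).

    reference: {path: hex digest} recorded from a trusted copy (assumed here
    to be a clean checkout of the repository the files come from).
    """
    out = {}
    for path, sig in parse_found(log_text):
        expected = reference.get(path)
        if expected is None:
            verdict = "no-reference"
        else:
            try:
                verdict = "unchanged" if sha256_of(path) == expected else "MODIFIED"
            except OSError:
                verdict = "unreadable"
        out[path] = (sig, verdict)
    return out

if __name__ == "__main__":
    # Constructed sample: two stand-in files and a log in clamscan's format.
    with tempfile.TemporaryDirectory() as d:
        good, bad = Path(d, "leap_pg.pdf"), Path(d, "AmberTools.pdf")
        good.write_bytes(b"%PDF-1.4 constructed sample A")
        bad.write_bytes(b"%PDF-1.4 constructed sample B")
        ref = {str(good): sha256_of(good), str(bad): sha256_of(good)}
        log = "".join(f"{p}: Suspect.PDF.ObfuscatedJS-1 FOUND\n" for p in (good, bad))
        log += "----------- SCAN SUMMARY -----------\nInfected files: 2\n"
        for path, (sig, verdict) in triage(log, ref).items():
            print(f"{verdict:12} {sig}  {path}")
```

An "unchanged" verdict shows only that the flagged file is byte-identical to the reference copy, so the detection applies to the document as distributed rather than to a local modification.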