On Tue, May 25, 2010 at 9:11 PM, Lachele Foley <lfoley.ccrc.uga.edu> wrote:
> Just ran ClamAV on a machine. You might find these entries in the log
> amusing:
>
> /usr/local/programs/amber/amber11/doc/AmberTools.pdf:
> Suspect.PDF.ObfuscatedJS-1 FOUND
> /usr/local/programs/amber/amber11/doc/leap_pg.pdf:
> Suspect.PDF.ObfuscatedJS-1 FOUND
> /usr/local/programs/amber/amber11/AmberTools/src/gleap/leapdoc/leap_pg.pdf:
> Suspect.PDF.ObfuscatedJS-1 FOUND
>
> I don't think they mean the docs are compromised. The md5sum for the
> leap_pg.pdf there is the same as on two other machines, including the git
> repo that I just updated. I'm sure there's some internal check the files
> don't pass, but I don't know what. Based on a cursory Googling, I think
> there is an evil and hard to detect exploit involving javascript embedded in
> pdf files, and these files must look somehow as if they have it.
>
Just don't give your PDF files root/execute permissions :). <3 unix
boo windoze.
>
> I'm sure this isn't worth losing sleep over, but figured you'd want to
> know.
>
> :-) Lachele
> --
> B. Lachele Foley, PhD '92,'02
> Assistant Research Scientist
> Complex Carbohydrate Research Center, UGA
> 706-542-0263
> lfoley.ccrc.uga.edu
>
> _______________________________________________
> AMBER-Developers mailing list
> AMBER-Developers.ambermd.org
> http://lists.ambermd.org/mailman/listinfo/amber-developers
>
--
Jason M. Swails
Quantum Theory Project,
University of Florida
Ph.D. Graduate Student
352-392-4032
_______________________________________________
AMBER-Developers mailing list
AMBER-Developers.ambermd.org
http://lists.ambermd.org/mailman/listinfo/amber-developers
Received on Tue May 25 2010 - 20:30:03 PDT
