Re: [AMBER-Developers] Docs don't pass AntiVirus scan

From: Gustavo Seabra <gustavo.seabra.gmail.com>
Date: Wed, 26 May 2010 10:52:37 -0300

This could actually be a problem with ClamAV. I don't see this with
McAfee VirusScan.

Gustavo Seabra
Professor Adjunto
Departamento de Química Fundamental
Universidade Federal de Pernambuco
Fone: +55-81-2126-7417



On Tue, May 25, 2010 at 10:11 PM, Lachele Foley <lfoley.ccrc.uga.edu> wrote:
> Just ran ClamAV on a machine.  You might find these entries in the log amusing:
>
> /usr/local/programs/amber/amber11/doc/AmberTools.pdf: Suspect.PDF.ObfuscatedJS-1 FOUND
> /usr/local/programs/amber/amber11/doc/leap_pg.pdf: Suspect.PDF.ObfuscatedJS-1 FOUND
> /usr/local/programs/amber/amber11/AmberTools/src/gleap/leapdoc/leap_pg.pdf: Suspect.PDF.ObfuscatedJS-1 FOUND
>
> I don't think they mean the docs are compromised.  The md5sum for the leap_pg.pdf there is the same as on two other machines, including the git repo that I just updated.  I'm sure there's some internal check the files don't pass, but I don't know what.  Based on a cursory Googling, I think there is an evil and hard to detect exploit involving javascript embedded in pdf files, and these files must look somehow as if they have it.
>
> I'm sure this isn't worth losing sleep over, but figured you'd want to know.
>
> :-) Lachele
> --
> B. Lachele Foley, PhD '92,'02
> Assistant Research Scientist
> Complex Carbohydrate Research Center, UGA
> 706-542-0263
> lfoley.ccrc.uga.edu
>
> _______________________________________________
> AMBER-Developers mailing list
> AMBER-Developers.ambermd.org
> http://lists.ambermd.org/mailman/listinfo/amber-developers
>

_______________________________________________
AMBER-Developers mailing list
AMBER-Developers.ambermd.org
http://lists.ambermd.org/mailman/listinfo/amber-developers
Received on Wed May 26 2010 - 07:00:08 PDT
Custom Search