it turns that is not a virus… kind of is an exploit, so anyone can create a PDF that can be used to acces your server… unwilling to do so. maybe compressing the files would solve this issue.