Green Stripe

Classification

Category: Malware

Type: -

Aliases: Green Stripe, AmiMacro

Summary

With Microsoft Word, a document and all macros related to it are stored in a single file. So a file called DOCUMENT.DOC or DOCUMENT.DOT contains both the document contents and the macros. But with Lotus' Ami Pro, macros are stored in a separate file: if you have DOCUMENT.SAM, macros related to it are in DOCUMENT.SMM. This makes it somewhat more difficult for Ami Pro viruses to spread, since when a user is distributing a document, he is likely to leave the .SMM file behind, effectively disabling the virus.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

The first Ami Pro macro virus was located in January 1996. The virus, which is called Green Stripe or AmiMacro/GreenStripe, works by creating a .SMM file for every .SAM file in Ami Pro's default DOCS directory (\amipro\docs), and modifying the existing .SAM files to use the new macros. The name of the virus comes from its main macro procedure, which is called Green_Stripe_virus.

Green Stripe propagates by intercepting Ami Pro's File/Save and File/Save As commands. Using File/Save As and saving an infected document to a network drive or a floppy is the only likely way for this virus to spread from one machine to another.

Green Stripe has an activation routine which triggers during saving: the virus searches through the document and replaces all occurrences of the word "its" with "it's". Such a change can easily go undetected by the user. However, it is unclear whether this routine works at all.

Green Stripe is rumoured to have been originally published in a US virus-related magazine. It is unlikely to spread in the wild.

Detecting Green Stripe

Open the Tools/Macros/Edit menu and check whether the document has a .SMM macro file assigned to be executed on open. To disinfect an infected document, just delete the .SMM file, open the document in Ami Pro and uncheck the above setting.

Also, the initial infection process takes a long time, and the user is likely to notice that something is going wrong, since all the documents in the default directory are quickly appearing and disappearing on the screen while the virus infects them.
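The pairing described above (one .SMM file per .SAM document in the default directory) can also be checked from outside Ami Pro. The following is an added example, not part of the original description or any F-Secure tool: the function names are hypothetical, the sample files are constructed, and it assumes the procedure name Green_Stripe_virus appears as literal bytes in an infected .SMM file, which the description does not confirm.

```python
from pathlib import Path

# Procedure name from the description; assumed (not confirmed by the page)
# to be present as literal bytes inside an infected .SMM file.
MARKER = b"green_stripe_virus"


def triage_docs_dir(docs_dir):
    """Pair each .SAM document with a same-named .SMM macro file.

    Returns (findings, all_paired). findings holds one dict per .SAM file,
    sorted by name. all_paired is True when every document has a sibling
    macro file, the state the description attributes to a finished infection.
    """
    docs = Path(docs_dir)
    # DOS-era file names are case-insensitive, so index by lower-cased name.
    by_name = {p.name.lower(): p for p in docs.iterdir() if p.is_file()}
    findings = []
    for name, path in sorted(by_name.items()):
        if not name.endswith(".sam"):
            continue
        smm = by_name.get(name[:-4] + ".smm")
        marker_found = smm is not None and MARKER in smm.read_bytes().lower()
        findings.append({
            "document": path.name,
            "macro_file": smm.name if smm else None,
            "marker_found": marker_found,
        })
    all_paired = bool(findings) and all(f["macro_file"] for f in findings)
    return findings, all_paired


def build_sample_dir(root):
    """Constructed sample data (not real Ami Pro file contents)."""
    root = Path(root)
    (root / "REPORT.SAM").write_bytes(b"constructed document body\r\n")
    (root / "REPORT.SMM").write_bytes(b"constructed macro: Green_Stripe_virus\r\n")
    (root / "LETTER.SAM").write_bytes(b"constructed document body\r\n")
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        results, paired = triage_docs_dir(build_sample_dir(tmp))
        for entry in results:
            print(entry)
        print("every document has a macro file:", paired)
```

A paired .SMM file on its own is only a lead, since documents can carry legitimate macros; the Tools/Macros/Edit check above remains the confirmation step.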