Form flagged as virus in email server

I had an issue today where I couldn't send a PDF form I had been working on to a coworker, and found out that the form was being flagged by our server as a virus (MAL/PdfEx-C). I traced back through the changes I made (a previous version had no problems posting) and was finally able to track it down to a function I had added to a field's Custom Format event. In that event, I needed to sort an array of checkboxes to keep them in the proper order and concatenate their values. I added a function to do the sorting, and this was what was being flagged by our server. I moved the sort function out of the Custom Format event into a standard JavaScript code module, and had no problems then emailing the file. This is the function:

// Custom sort order for checkbox field array

function customSort(a,b) {

    return( a.name.toString() < b.name.toString());

}

Can anyone say why the email server would flag a file for having a function defined within the field's events? I usually don't do this, (I put all code into a code module for reusability across all fields), but in this instance I knew it would only be used within that event. I will remember to avoid this situation in the future, but was wondering if there was an explanation for why this happened in the first place. It took me an hour or two to track down this issue, and I would like to know a little more about this in case something like this happens in the future.

Thanks.