Okay, I just got my Facebook data (what little there is of it... I'm not a big Facebook user), and there's nothing in it recognized by Sophos as malware. So it's definitely not something that everyone will find in their Facebook data.
Where in your Facebook data was the file? And would you be willing to e-mail the file Sophos identified to me, so I can do some tests? You can find my e-mail address on the "contact me" link at the bottom of my Mac Malware Guide. (Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)
Edit: to e-mail it without getting flagged as sending malware, open the Terminal and paste in the following command:
zip -e ~/Desktop/fkcodec.zip
Make sure there's a space at the end, and then drop the file identified by Sophos onto the Terminal window. Hit return, and enter "infected" as the password. Take the resulting fkcodec.zip file, which will show up on the desktop, and e-mail that to me.