This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection

From: Adam Dinwoodie <adam at dinwoodie dot org>
To: cygwin at cygwin dot com
Date: Thu, 30 Oct 2014 12:50:03 +0000
Subject: Re: ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection
Authentication-results: sourceware.org; auth=none
References: <CAGZiy72XJwETH4dXDSZi8n9GZqvO2L8kdirfjhhWw7gdN7rMPw at mail dot gmail dot com>

On Thu, Oct 30, 2014 at 03:42:14PM +0800, Kal Sze wrote:
> I just performed a cygwin update, one of the updated packages was ruby
> 2.0.0-p594-1.
> 
> However, Symantec Endpoint Protection, with definitions "Wednesday,
> October 29, 2014 r1", detected
> C:\cygwin64\lib\ruby\2.0.0\mathn\rational.so as Trojan.ADH and
> automatically deleted it.
> 
> Is this a false positive?

As ever in such circumstances, the advice in the FAQ at [0] applies.

Per [1], this is simply a heuristic detection rather than detecting any
particular virus, ie Symantec just thinks it looks a bit suspicious
rather than actually confirming there's a problem.

[0]: https://cygwin.com/faq.html#faq.setup.virus
[1]: http://www.symantec.com/security_response/writeup.jsp?docid=2010-031221-0802-99

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

References:
- ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection
  - From: Kal Sze

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]