This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection
- From: Adam Dinwoodie <adam at dinwoodie dot org>
- To: cygwin at cygwin dot com
- Date: Thu, 30 Oct 2014 12:50:03 +0000
- Subject: Re: ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection
- Authentication-results: sourceware.org; auth=none
- References: <CAGZiy72XJwETH4dXDSZi8n9GZqvO2L8kdirfjhhWw7gdN7rMPw at mail dot gmail dot com>
On Thu, Oct 30, 2014 at 03:42:14PM +0800, Kal Sze wrote:
> I just performed a cygwin update, one of the updated packages was ruby
> 2.0.0-p594-1.
>
> However, Symantec Endpoint Protection, with definitions "Wednesday,
> October 29, 2014 r1", detected
> C:\cygwin64\lib\ruby\2.0.0\mathn\rational.so as Trojan.ADH and
> automatically deleted it.
>
> Is this a false positive?
As ever in such circumstances, the advice in the FAQ at [0] applies.
Per [1], this is simply a heuristic detection rather than detecting any
particular virus, ie Symantec just thinks it looks a bit suspicious
rather than actually confirming there's a problem.
[0]: https://cygwin.com/faq.html#faq.setup.virus
[1]: http://www.symantec.com/security_response/writeup.jsp?docid=2010-031221-0802-99
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple