ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection

Adam Dinwoodie adam@dinwoodie.org
Thu Oct 30 12:50:00 GMT 2014


On Thu, Oct 30, 2014 at 03:42:14PM +0800, Kal Sze wrote:
> I just performed a cygwin update, one of the updated packages was ruby
> 2.0.0-p594-1.
> 
> However, Symantec Endpoint Protection, with definitions "Wednesday,
> October 29, 2014 r1", detected
> C:\cygwin64\lib\ruby\2.0.0\mathn\rational.so as Trojan.ADH and
> automatically deleted it.
> 
> Is this a false positive?

As ever in such circumstances, the advice in the FAQ at [0] applies.

Per [1], this is simply a heuristic detection rather than detecting any
particular virus, i.e. Symantec just thinks it looks a bit suspicious
rather than actually confirming there's a problem.

[0]: https://cygwin.com/faq.html#faq.setup.virus
[1]: http://www.symantec.com/security_response/writeup.jsp?docid=2010-031221-0802-99

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


