Mail Archives: cygwin/2014/10/30/08:50:28

Date: Thu, 30 Oct 2014 12:50:03 +0000
From: Adam Dinwoodie <adam AT dinwoodie DOT org>
To: cygwin AT cygwin DOT com
Subject: Re: ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection
Message-ID: <20141030125003.GI9828@dinwoodie.org>
References: <CAGZiy72XJwETH4dXDSZi8n9GZqvO2L8kdirfjhhWw7gdN7rMPw AT mail DOT gmail DOT com>
MIME-Version: 1.0
In-Reply-To: <CAGZiy72XJwETH4dXDSZi8n9GZqvO2L8kdirfjhhWw7gdN7rMPw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-IsSubscribed: yes

On Thu, Oct 30, 2014 at 03:42:14PM +0800, Kal Sze wrote:
> I just performed a cygwin update, one of the updated packages was ruby
> 2.0.0-p594-1.
> 
> However, Symantec Endpoint Protection, with definitions "Wednesday,
> October 29, 2014 r1", detected
> C:\cygwin64\lib\ruby\2.0.0\mathn\rational.so as Trojan.ADH and
> automatically deleted it.
> 
> Is this a false positive?

As ever in such circumstances, the advice in the FAQ at [0] applies.

Per [1], this is simply a heuristic detection rather than detecting any
particular virus, i.e. Symantec just thinks it looks a bit suspicious
rather than actually confirming there's a problem.

[0]: https://cygwin.com/faq.html#faq.setup.virus
[1]: http://www.symantec.com/security_response/writeup.jsp?docid=2010-031221-0802-99
