Date: Thu, 30 Oct 2014 12:50:03 +0000
From: Adam Dinwoodie
To: cygwin AT cygwin DOT com
Subject: Re: ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection
Message-ID: <20141030125003.GI9828@dinwoodie.org>

On Thu, Oct 30, 2014 at 03:42:14PM +0800, Kal Sze wrote:
> I just performed a cygwin update, one of the updated packages was ruby
> 2.0.0-p594-1.
>
> However, Symantec Endpoint Protection, with definitions "Wednesday,
> October 29, 2014 r1", detected
> C:\cygwin64\lib\ruby\2.0.0\mathn\rational.so as Trojan.ADH and
> automatically deleted it.
>
> Is this a false positive?

As ever in such circumstances, the advice in the FAQ at [0] applies.

Per [1], this is simply a heuristic detection rather than detecting any
particular virus, ie Symantec just thinks it looks a bit suspicious
rather than actually confirming there's a problem.

[0]: https://cygwin.com/faq.html#faq.setup.virus
[1]: http://www.symantec.com/security_response/writeup.jsp?docid=2010-031221-0802-99