This is the mail archive of the
mailing list for the Cygwin project.
Re: ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection
- From: Adam Dinwoodie <adam at dinwoodie dot org>
- To: cygwin at cygwin dot com
- Date: Thu, 30 Oct 2014 12:50:03 +0000
- Subject: Re: ruby's rational.so detected as Trojan.ADH by Symantec Endpoint Protection
- Authentication-results: sourceware.org; auth=none
- References: <CAGZiy72XJwETH4dXDSZi8n9GZqvO2L8kdirfjhhWw7gdN7rMPw at mail dot gmail dot com>
On Thu, Oct 30, 2014 at 03:42:14PM +0800, Kal Sze wrote:
> I just performed a cygwin update, one of the updated packages was ruby
> However, Symantec Endpoint Protection, with definitions "Wednesday,
> October 29, 2014 r1", detected
> C:\cygwin64\lib\ruby\2.0.0\mathn\rational.so as Trojan.ADH and
> automatically deleted it.
> Is this a false positive?
As ever in such circumstances, the advice in the FAQ at  applies.
Per , this is simply a heuristic detection rather than detecting any
particular virus, ie Symantec just thinks it looks a bit suspicious
rather than actually confirming there's a problem.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple