On Thu, Oct 30, 2014 at 03:42:14PM +0800, Kal Sze wrote:
> I just performed a cygwin update, one of the updated packages was ruby
> 2.0.0-p594-1.
>
> However, Symantec Endpoint Protection, with definitions "Wednesday,
> October 29, 2014 r1", detected
> C:\cygwin64\lib\ruby\2.0.0\mathn\rational.so as Trojan.ADH and
> automatically deleted it.
>
> Is this a false positive?

As ever in such circumstances, the advice in the FAQ at [0] applies. Per [1], this is simply a heuristic detection rather than detecting any particular virus, i.e. Symantec just thinks it looks a bit suspicious rather than actually confirming there's a problem.

[0]: https://cygwin.com/faq.html#faq.setup.virus
[1]: http://www.symantec.com/security_response/writeup.jsp?docid=2010-031221-0802-99