Forum: Ruby bluecloth 1.0.0 - Test contain trojan ??

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
itsme213 (Guest)
on 2005-12-02 18:41
(Received via mailing list)
I just got a very peculiar warning from running McAfee virus scan (XP):

BlueCloth-1.0.0\tests\15_Contrib.tests.rb is infected by the
  JS\Exploit-CrossSite trojan.

Anything to be concerned about here? Or a total red-herring from McAfee?

(McAfee seems to have the file somehow locked right now so I can't even
browse its contents.)

Thanks.
stefan (Guest)
on 2005-12-02 19:29
(Received via mailing list)
itsme213 wrote:
> I just got a very peculiar warning from running McAfee virus scan (XP):
>
> BlueCloth-1.0.0\tests\15_Contrib.tests.rb is infected by the
>   JS\Exploit-CrossSite trojan.
>
> Anything to be concerned about here? Or a total red-herring from McAfee?

Antivir (updated 2 hours ago) does not complain.

Perhaps McAffee uses some heuristics to guess whether sth is a virus or
not.

Possibly because of the string DangerousHtml (containing <script> tags).

There has been an online-virus-scanner somewhere sometime, but - here it
is:

http://www.kaspersky.com/scanforvirus
rubymage (Guest)
on 2005-12-08 00:24
(Received via mailing list)
This has already been reported, but it's an artifact of McAfee's
heuristics, not an actual virus. For more details check out:

  <http://www.deveiate.org/projects/BlueCloth/ticket/29>
This topic is locked and can not be replied to.