AVG Free Edition reporting digest.so as a Trojan

I recently started running into trouble with my ruby install. Anytime
I tried to run ‘gem’ or ‘rake’ I’d get the following output:

gem list
c:/ruby/lib/ruby/1.8/i386-mswin32/digest/sha2.so: no such file to load
– digest.so (LoadError)
from c:/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:
11
from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501:in
require' from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501 from c:/ruby/bin/gem.bat:5:inrequire’
from c:/ruby/bin/gem.bat:5

I initially worked around this yesterday by reinstalling ruby & rails,
but then today the issue recurred, so I started digging deeper. I
tracked this down to my anti-virus software identifying digest.so as
“Trojan horse Generic10.JXS” and moving it into the Virus Vault
(effectively deleting it). I’m assuming that this is a false-
positive, as it occurred on both my work & home machines.

According to my virus scanner log, this was first detected on
2008-04-11 (the software updates itself daily).

Details:

OS: XP (home) Vista (work)

ruby --version
ruby 1.8.5 (2006-12-25 patchlevel 12) [i386-mswin32]

AVG Free Edition (http://free.grisoft.com/)
Internal Virus Database version: 269.22.13/1376

“Virus” details:
Object name: digest.so
Object path: C:\ruby\lib\ruby\1.8\i386-mswin32
Discovery: Trojan horse Generic10.JXS
Date of detection: 4/13/2008 7:13:40 AM
Source computer: …
Finder: SYSTEM
File size: 20 KB (20566 bytes)
Healable: No
Source: Backup copy
Status: Infected

You are a life saver! Had the same problem yesterday 15 April 2008.
This must be due to a recent update on AVG.

I’ve now restored the offending file digest.so and ruby and my mongrel
service is up and running again.
(Until the file gets virus vaulted again…)
Do we know whether this really is a false positive?
Is there a way to prevent the file from being virus vaulted?

Regards,

Fabricio

I found this post on the AVG Free Forum titled “You suspect a file to
be a false positive”:
http://forum.grisoft.cz/freeforum/read.php?4,104930,backpage=,sv=

As per instructions, I ran digest.so through the site mentioned here:
http://virusscan.jotti.org/ and AVG Antivirus is the only scanner
that returns a positive result, which leads me to believe that we are
indeed dealing with a false positive, local to AVG. I have also
emailed digest.so in an encrypted zipfile to [email protected] I have
not tried disable heuristic scanning on the Resident Shield. I have
just been restoring the file from the virus vault each morning. :frowning:

–Joe

Got a response from AVG already:

Dear Sir/Madam,

thank you for your email.

We analyzed your file and we can confirm, that it is a false positive.
The detection of this file will be removed in next virus update.

If you need to restore deleted files from AVG Virus Vault you can do
it this way: open AVG Virus Vault (Start -> Programs -> AVG Antivirus
-> AVG Virus Vault). Locate the file that was removed, right click on
it and choose “Restore File(s)” option.

We are sorry for the inconvenience.

Answers to the most common questions can be found here as well:
http://www.avg.com/faq/

    Best regards,

    Martin Hosnedl
    AVG Technical Support

website: http://www.avg.com
mailto: [email protected]

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs