Bluecloth 1.0.0 - Test contain trojan?


#1

I just got a very peculiar warning from running McAfee virus scan (XP):

BlueCloth-1.0.0\tests\15_Contrib.tests.rb is infected by the
JS\Exploit-CrossSite trojan.

Anything to be concerned about here? Or a total red-herring from McAfee?

(McAfee seems to have the file somehow locked right now so I can’t even
browse its contents.)

Thanks.


#2

itsme213 wrote:

I just got a very peculiar warning from running McAfee virus scan (XP):

BlueCloth-1.0.0\tests\15_Contrib.tests.rb is infected by the
JS\Exploit-CrossSite trojan.

Anything to be concerned about here? Or a total red-herring from McAfee?

Antivir (updated 2 hours ago) does not complain.

Perhaps McAffee uses some heuristics to guess whether sth is a virus or
not.

Possibly because of the string DangerousHtml (containing tags).

There has been an online-virus-scanner somewhere sometime, but - here it
is:

http://www.kaspersky.com/scanforvirus


#3

This has already been reported, but it’s an artifact of McAfee’s
heuristics, not an actual virus. For more details check out:

http://www.deveiate.org/projects/BlueCloth/ticket/29