Forum: Ruby bluecloth 1.0.0 - Test contain trojan ??

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Fe57662c550fb3cce44c398ddf2dd706?d=identicon&s=25 itsme213 (Guest)
on 2005-12-02 17:41
(Received via mailing list)
I just got a very peculiar warning from running McAfee virus scan (XP):

BlueCloth-1.0.0\tests\15_Contrib.tests.rb is infected by the
  JS\Exploit-CrossSite trojan.

Anything to be concerned about here? Or a total red-herring from McAfee?

(McAfee seems to have the file somehow locked right now so I can't even
browse its contents.)

Thanks.
428f96cc689eb7419bba3a8bbfcc222a?d=identicon&s=25 stefan (Guest)
on 2005-12-02 18:29
(Received via mailing list)
itsme213 wrote:
> I just got a very peculiar warning from running McAfee virus scan (XP):
>
> BlueCloth-1.0.0\tests\15_Contrib.tests.rb is infected by the
>   JS\Exploit-CrossSite trojan.
>
> Anything to be concerned about here? Or a total red-herring from McAfee?

Antivir (updated 2 hours ago) does not complain.

Perhaps McAffee uses some heuristics to guess whether sth is a virus or
not.

Possibly because of the string DangerousHtml (containing <script> tags).

There has been an online-virus-scanner somewhere sometime, but - here it
is:

http://www.kaspersky.com/scanforvirus
C6cee02f88882b1d29efbf899665f2b3?d=identicon&s=25 rubymage (Guest)
on 2005-12-07 23:24
(Received via mailing list)
This has already been reported, but it's an artifact of McAfee's
heuristics, not an actual virus. For more details check out:

  <http://www.deveiate.org/projects/BlueCloth/ticket/29>
This topic is locked and can not be replied to.