"port" command generates Trojan warning

[koen@…]

When running the "port" command, Kaspersky Anti/Virus on Mac gives me the following warning:

Trojan program detected
An application is accessing file that contains a Trojan program
Threat: Trojan-PSW.Win32.LdPinch.ex
Object: /opt/local//share/macports/Tcl/macports1.0/MacPorts.dylib

[koen@…]

Kaspersky popup

[koen@…]

MD5 (/opt/local/share/macports/Tcl/macports1.0/MacPorts.dylib) = 0d8f6d8b2a14bdd3d81a06d5dc6e1d37

[koen@…]

A scan claims the following file is also infected with Trojan-PSW.Win32.LdPinch.ex:

/opt/local/var/macports/sources/rsync.macports.org/release/tarballs/base/src/macports1.0/MacPorts.dylib

[neverpanic (Clemens Lang)]

That's very likely a false positive. Unfortunately I couldn't find any documentation on why Kaspersky thinks this is a Trojan. Please contact your anti-virus vendor and have them investigate the file.

You can rebuild this file from scratch in /opt/local/var/macports/sources/rsync.macports.org/release/tarballs/base/src/macports1.0/. The source code that gets built into the dylib is given in macports.c, get_systemconfiguration_proxies.c and sysctl.c in this directory. Please review these files if you want to make sure they do not contain any malicious code. To rebuild those files, type make clean, make and sudo make install in this directory.

[ryandesign (Ryan Carsten Schmidt)]

The file you attached looks like a normal MacPorts.dylib. I would assume that a claim that a file compiled for OS X contains any virus, trojan or other malicious code that could affect Win32 is silly. Tell Kaspersky to fix their software.