Opened 6 years ago
Closed 6 years ago
#57713 closed defect (invalid)
McAfee virus scanner caught something in 'test-pdb.exe' as 'RDN/Generic.cpt' trojan
Reported by: | jakehurst (Justine Akehurst) | Owned by: | |
---|---|---|---|
Priority: | High | Milestone: | |
Component: | base | Version: | 2.5.4 |
Keywords: | sierra | Cc: | |
Port: | Base |
Description
I was running MacPorts 'selfupdate' today to update my ports list, and my virus scanner caught something in '/opt/local/var/macports/build/test-pdb.exe' as something called a 'RDN/Generic.cpt' Trojan.
Virus scanner says it 'cleaned' the file.
Attachments (2)
Change History (7)
Changed 6 years ago by jakehurst (Justine Akehurst)
Attachment: | Screen Shot 2018-12-02 at 1.17.07 PM.png added |
---|
Changed 6 years ago by jakehurst (Justine Akehurst)
Attachment: | Screen Shot 2018-12-02 at 1.18.56 PM.png added |
---|
Another screenshot of McAfee, which seems to show more of an exact location of 'test-pdb.exe'
comment:1 Changed 6 years ago by jmroot (Joshua Root)
That file is not part of MacPorts base. Not sure how it got into the top level of the build directory, but this seems relevant? http://lists.llvm.org/pipermail/cfe-users/2017-April/001131.html
comment:2 Changed 6 years ago by jmroot (Joshua Root)
Oh I see, your second screenshot shows that it's not in the top level, it's in a particular port's subdirectory. Unfortunately the middle part that shows which port it belongs to has been abbreviated with an ellipsis. Can you determine the full path?
I would guess it's part of the test suite for one of the llvm ports, but let's make sure.
comment:3 Changed 6 years ago by jakehurst (Justine Akehurst)
OK, googled a little deeper and found this article: http://lists.llvm.org/pipermail/lldb-dev/2016-November/011568.html
The source code is here:
And it definitely does nothing. Most of these AV are heuristic, it's probably suspicious about the fact that it's linked with unusual settings (ie /nodefaultlib) which we did in order to minimize the binary size (the pdb is quite large if we don't do this)
On Mon, Nov 7, 2016 at 4:03 PM Jim Ingham via lldb-dev < lldb-dev at lists.llvm.org> wrote:
Over in the Swift GitHub, somebody filed:
https://bugs.swift.org/browse/SR-3147
with the claim that this file contains a trojan? Dunno if this is bogus or not, but it's worth somebody on the Windows side checking it out...
Jim
So, this is benign.
comment:5 Changed 6 years ago by jmroot (Joshua Root)
Resolution: | → invalid |
---|---|
Status: | new → closed |
Screenshot of the dialog that shows that McAfee caught a trojan in MacPorts base.