[MacPorts] #57713: McAfee virus scanner caught something in 'test-pdb.exe' as 'RDN/Generic.cpt' trojan
MacPorts
2018-12-02 21:16:55 UTC
#57713: McAfee virus scanner caught something in 'test-pdb.exe' as
'RDN/Generic.cpt' trojan
-----------------------+--------------------
Reporter: jakehurst | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: base | Version: 2.5.4
Keywords: sierra | Port: Base
-----------------------+--------------------
I was running MacPorts 'selfupdate' today to update my ports list, and my
virus scanner caught something in
'/opt/local/var/macports/build/test-pdb.exe' as something called a
'RDN/Generic.cpt' Trojan.

Virus scanner says it 'cleaned' the file.
--
Ticket URL: <https://trac.macports.org/ticket/57713>
MacPorts <https://www.macports.org/>
Ports system for macOS
MacPorts
2018-12-02 21:18:03 UTC
#57713: McAfee virus scanner caught something in 'test-pdb.exe' as
'RDN/Generic.cpt' trojan
------------------------+--------------------
Reporter: jakehurst | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: base | Version: 2.5.4
Resolution: | Keywords: sierra
Port: Base |
------------------------+--------------------
Changes (by jakehurst):

* Attachment "Screen Shot 2018-12-02 at 1.17.07 PM.png" added.

Screenshot of the dialog that shows that McAfee caught a trojan in
MacPorts base.
--
Ticket URL: <https://trac.macports.org/ticket/57713>
MacPorts <https://www.macports.org/>
Ports system for macOS
MacPorts
2018-12-02 21:19:34 UTC
#57713: McAfee virus scanner caught something in 'test-pdb.exe' as
'RDN/Generic.cpt' trojan
------------------------+--------------------
Reporter: jakehurst | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: base | Version: 2.5.4
Resolution: | Keywords: sierra
Port: Base |
------------------------+--------------------
Changes (by jakehurst):

* Attachment "Screen Shot 2018-12-02 at 1.18.56 PM.png" added.

Another screenshot of McAfee, which seems to show more of an exact
location of 'test-pdb.exe'
--
Ticket URL: <https://trac.macports.org/ticket/57713>
MacPorts <https://www.macports.org/>
Ports system for macOS
MacPorts
2018-12-03 04:46:16 UTC
#57713: McAfee virus scanner caught something in 'test-pdb.exe' as
'RDN/Generic.cpt' trojan
------------------------+--------------------
Reporter: jakehurst | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: base | Version: 2.5.4
Resolution: | Keywords: sierra
Port: Base |
------------------------+--------------------

Comment (by jmroot):

That file is not part of MacPorts base. Not sure how it got into the top
level of the build directory, but this seems relevant?
http://lists.llvm.org/pipermail/cfe-users/2017-April/001131.html
--
Ticket URL: <https://trac.macports.org/ticket/57713#comment:1>
MacPorts <https://www.macports.org/>
Ports system for macOS
MacPorts
2018-12-03 04:53:55 UTC
#57713: McAfee virus scanner caught something in 'test-pdb.exe' as
'RDN/Generic.cpt' trojan
------------------------+--------------------
Reporter: jakehurst | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: base | Version: 2.5.4
Resolution: | Keywords: sierra
Port: Base |
------------------------+--------------------

Comment (by jmroot):

Oh I see, your second screenshot shows that it's not in the top level,
it's in a particular port's subdirectory. Unfortunately the middle part
that shows which port it belongs to has been abbreviated with an ellipsis.
Can you determine the full path?

I would guess it's part of the test suite for one of the llvm ports, but
let's make sure.
--
Ticket URL: <https://trac.macports.org/ticket/57713#comment:2>
MacPorts <https://www.macports.org/>
Ports system for macOS
MacPorts
2018-12-03 05:09:04 UTC
#57713: McAfee virus scanner caught something in 'test-pdb.exe' as
'RDN/Generic.cpt' trojan
------------------------+--------------------
Reporter: jakehurst | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: base | Version: 2.5.4
Resolution: | Keywords: sierra
Port: Base |
------------------------+--------------------

Comment (by jakehurst):

OK, googled a little deeper and found this article:
http://lists.llvm.org/pipermail/lldb-dev/2016-November/011568.html

The source code is here:

https://llvm.org/svn/llvm-project/lldb/branches/google/testing/unittests/SymbolFile/PDB/Inputs/test-pdb.cpp

And it definitely does nothing. Most of these AV are heuristic, it's
probably suspicious about the fact that it's linked with unusual settings
(i.e. /nodefaultlib) which we did in order to minimize the binary size (the
pdb is quite large if we don't do this)


On Mon, Nov 7, 2016 at 4:03 PM Jim Ingham via lldb-dev <
https://bugs.swift.org/browse/SR-3147
with the claim that this file contains a trojan? Dunno if this is bogus
or not, but it's worth somebody on the Windows side checking it out...
Jim
So, this is benign.
--
Ticket URL: <https://trac.macports.org/ticket/57713#comment:3>
MacPorts <https://www.macports.org/>
Ports system for macOS
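
A header-only triage of a flagged `.exe` such as the one discussed in this ticket, as an added example that is not part of the original thread or of MacPorts or LLVM code: it confirms whether the file is a Windows PE image and reports the size of its import directory, which is 0 when the image imports nothing. The sample bytes are constructed, and `triage_pe` and `make_sample` are hypothetical names.

```python
import struct

def triage_pe(data: bytes) -> dict:
    """Summarise a flagged file's PE headers by parsing bytes only (nothing is executed)."""
    info = {"is_pe": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info                      # e.g. a Mach-O or script, not a Windows image
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    machine, sections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)  # COFF file header
    info.update(is_pe=True, machine=hex(machine), sections=sections,
                import_dir_size=0)
    opt = e_lfanew + 24                  # start of the optional header
    if opt_size < 2 or len(data) < opt + opt_size:
        return info                      # truncated optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = 112 if magic == 0x20B else 96 # data directories: PE32+ vs PE32
    if opt_size < dirs + 16:
        return info                      # no room for the import entry
    (count,) = struct.unpack_from("<I", data, opt + dirs - 4)
    if count >= 2:                       # entry 1 is the import directory
        _, info["import_dir_size"] = struct.unpack_from(
            "<II", data, opt + dirs + 8)
    return info

def make_sample(import_size: int) -> bytes:
    """Constructed PE32 headers only (no code, no sections' contents)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, 0x2000 if import_size else 0, import_size)
    return dos + coff + bytes(opt)

if __name__ == "__main__":
    print(triage_pe(make_sample(0)))
    print(triage_pe(make_sample(40)))
```

To triage a real file, pass its bytes, for example `triage_pe(open(path, "rb").read())`.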
MacPorts
2018-12-03 05:10:01 UTC
#57713: McAfee virus scanner caught something in 'test-pdb.exe' as
'RDN/Generic.cpt' trojan
------------------------+--------------------
Reporter: jakehurst | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: base | Version: 2.5.4
Resolution: | Keywords: sierra
Port: Base |
------------------------+--------------------

Comment (by jakehurst):

Feel free to close this ticket.
--
Ticket URL: <https://trac.macports.org/ticket/57713#comment:4>
MacPorts <https://www.macports.org/>
Ports system for macOS
MacPorts
2018-12-03 05:52:40 UTC
#57713: McAfee virus scanner caught something in 'test-pdb.exe' as
'RDN/Generic.cpt' trojan
------------------------+--------------------
Reporter: jakehurst | Owner: (none)
Type: defect | Status: closed
Priority: High | Milestone:
Component: base | Version: 2.5.4
Resolution: invalid | Keywords: sierra
Port: Base |
------------------------+--------------------
Changes (by jmroot):

* status: new => closed
* resolution: => invalid
--
Ticket URL: <https://trac.macports.org/ticket/57713#comment:5>
MacPorts <https://www.macports.org/>
Ports system for macOS