larsch / ocra

One-Click Ruby Application Builder
http://ocra.rubyforge.org/

ocra is now being flagged as a trojan virus by McAfee #115

Closed alilland closed 7 years ago

alilland commented 8 years ago

Recently ocra is being flagged as a trojan virus by McAfee. Below are the On-Access Scan Messages that are being thrown by McAfee:

Message: VirusScan Alert!
Date and Time: 6/21/2016 7:30:07 AM
Name: C:\Users\ALilland\AppData\Local\Temp\ocr5774.tmp\lib\ruby\gems\2.2.0\gems\ocra-1.3.6\share\ocra\stubw.exe
Detected As: Artemis!036A4800721F
State: Deleted

d-jaffe commented 8 years ago

Having this issue as well.

Bodikai commented 8 years ago

Same here.

After a lot of searching for how to create an executable for Ruby, it looks like Ocra is the best and most widely used option. But the first time I tried to use it, my anti-virus (AVG) flagged the same file (stubw.exe) as a trojan virus. After some searching it looks like other people have mentioned that even the resulting executable created by Ocra gets flagged as a virus.

Does anyone have any info on this?

mkssion commented 8 years ago

Same here with AVG Antivirus.

Seems like someone wants to spread Trojans...

LucasJensen commented 8 years ago

Same here with AVG.

Probably something that wants to get fixed; I've sent it in to AVG so they can take a look at it.

To give a little more info, it has been detected as a Trojan Horse Zbot.ANBS

hamiljs commented 8 years ago

Today, Windows Defender flagged all of my Ocra exe as rundas plock. Time to cruise the source a little closer.

hamiljs commented 8 years ago

After digging in a little further, it is the share/stub.exe it doesn't like, which is created from src/stub.c. At first glance, I don't see what the AV doesn't like. Still looking.

damian-m-g commented 7 years ago

All executables from ocra are also detected as a virus by Symantec anti-virus. Using:

artyomkalm commented 7 years ago

Is there any news on this issue?

jmjurado23 commented 7 years ago

Same issue with:

Is there any news?

larsch commented 7 years ago

I don't know how to handle this other than recompile. Please try and report false positives to them instead of here, unless you think it has a virus of course. I've scanned stub.exe and stubw.exe on VirusTotal with a clean on all but two. Tools like ocra are susceptible to being flagged by virus scanners because they (a) use special mechanisms to install and run programs and (b) could have been used by others to create malicious programs, which, when flagged, will match other ocra-based .exe as well.