Author Topic: False positive in Swift standard library?  (Read 7733 times)

Offline vol24pl

False positive in Swift standard library?
« on: February 21, 2018, 08:49:06 PM »
Suddenly one of Swift's standard library files is considered a bitcoin miner. Is it a false positive? File name is libswiftDispatch.dylib

Same issue: https://discussions.agilebits.com/discussion/86860/avg-quarantined-1password-libswiftdispatch-dylib

Offline ondruska

Re: False positive in Swift standard library?
« Reply #1 on: February 21, 2018, 09:11:59 PM »
Same here with /Applications/Xcode.app/Contents/Frameworks/libswiftDispatch.dylib

But:

codesign -dvvv /Applications/Xcode.app/Contents/Frameworks/libswiftDispatch.dylib
Executable=/Applications/Xcode.app/Contents/Frameworks/libswiftDispatch.dylib
Identifier=com.apple.dt.runtime.swiftDispatch
Format=Mach-O thin (x86_64)
CodeDirectory v=20200 size=2498 flags=0x2000(library-validation) hashes=73+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=5b26b6d50543a5a2c9da25392eff6cdf3eaecb9b
CandidateCDHash sha256=71530697449cbf4eff0a8d7a41dbf19aa620e82d
Hash choices=sha1,sha256
CDHash=71530697449cbf4eff0a8d7a41dbf19aa620e82d
Signature size=4535
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Info.plist entries=5
TeamIdentifier=59GAB85EFG
Sealed Resources=none
Internal requirements count=1 size=84
« Last Edit: February 21, 2018, 09:23:08 PM by ondruska »
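
Added example, not part of ondruska's post: a Python sketch that parses `codesign -dvvv` output like the one above and lists reasons the displayed signature does not look like Apple's own. The function names and the expected-chain list are assumptions made for this example; `-d` only displays what is embedded in the file, so before releasing anything from quarantine the signature itself still has to be checked with `codesign --verify`.

```python
import re

# Output of `codesign -dvvv` copied from the post above (abridged to the fields checked).
SAMPLE = """\
Executable=/Applications/Xcode.app/Contents/Frameworks/libswiftDispatch.dylib
Identifier=com.apple.dt.runtime.swiftDispatch
Format=Mach-O thin (x86_64)
CodeDirectory v=20200 size=2498 flags=0x2000(library-validation) hashes=73+2 location=embedded
CDHash=71530697449cbf4eff0a8d7a41dbf19aa620e82d
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
TeamIdentifier=59GAB85EFG
"""

# Assumption: the certificate chain expected for Apple's own software, as shown in the post.
APPLE_CHAIN = ["Software Signing",
               "Apple Code Signing Certification Authority",
               "Apple Root CA"]

def parse_codesign(text):
    """Parse key=value lines; Authority repeats, so collect it in order (leaf first)."""
    info = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or " " in key:      # skip lines such as "CodeDirectory v=..."
            continue
        if key == "Authority":
            info["Authority"].append(value)
        else:
            info[key] = value
    return info

def triage(text):
    """Return the reasons the displayed signature does NOT look like Apple's."""
    info = parse_codesign(text)
    problems = []
    if not info["Authority"]:
        problems.append("no certificate chain (unsigned or ad-hoc signed)")
    elif info["Authority"] != APPLE_CHAIN:
        problems.append("unexpected chain: %r" % info["Authority"])
    if not info.get("Identifier", "").startswith("com.apple."):
        problems.append("identifier is not in the com.apple namespace")
    if not re.fullmatch(r"[0-9a-f]{40}", info.get("CDHash", "")):
        problems.append("missing or malformed CDHash")
    return problems
```

`codesign -d` writes its report to stderr, so capture that stream when feeding a live file's output to `triage`.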

Offline timjclark

Re: False positive in Swift standard library?
« Reply #2 on: February 21, 2018, 09:20:32 PM »
I am having the same problem.  I am getting an Infection blocked! message about every 10 seconds.  From googling I saw a thread from one year ago that said this was a problem with an update/virus definition file.  I look forward to a resolution to this one...

Thank you,

Tim

Offline Pugilist

Re: False positive in Swift standard library?
« Reply #3 on: February 21, 2018, 09:32:33 PM »
Same problem with
/System/Library/CoreServices/MRT.app/Contents/Frameworks/libswiftDispatch.dylib

Offline kcmiller2

Re: False positive in Swift standard library?
« Reply #4 on: February 21, 2018, 09:38:48 PM »
I'm having the same problem. About every 10 seconds Avast is saying it has blocked a threat and moved it to the chest. libswiftDispatch.dylib

Offline marek.vagner

Re: False positive in Swift standard library?
« Reply #5 on: February 21, 2018, 10:24:53 PM »
Same problem on my MacBook, Avast keeps showing popups saying Infection blocked, file is libswiftDispatch.dylib
And I can't open my Telegram app too since it started :(

Offline wanderingisnotlost

Re: False positive in Swift standard library?
« Reply #6 on: February 21, 2018, 10:26:26 PM »
Same problem. This feels like a false positive.... but maybe not. Unfortunately, quarantining half a dozen program files makes it a bit hard to get work done with it locking away all these files.

Offline Sirmer

  • Avast team
Re: False positive in Swift standard library?
« Reply #7 on: February 21, 2018, 10:26:55 PM »
Hello,

Sorry for the inconvenience, we are working on a fix and it will be released ASAP.

Offline mhuntley

Re: False positive in Swift standard library?
« Reply #8 on: February 21, 2018, 10:31:40 PM »
Same problem. Many libswiftDispatch.dylib alerts re MacOS:BitCoinMiner-AS [Trj], and some apps (e.g. Malwarebytes) now crash, presumably because various libswiftDispatch.dylib files, including some from CoreServices, have been moved to the Virus Chest.

This is a serious problem. Is it a real infection, or a false positive, and how will the problem be remedied?

Offline asoutherland

Re: False positive in Swift standard library?
« Reply #9 on: February 21, 2018, 10:36:00 PM »
This is incredibly frustrating, and basically unacceptable. libswift is used by Docker, Xcode, and a number of other development tools. I have half of my dev team unable to work until Avast stops quarantining software dependencies based on a false positive. This is the second false positive in a month that impacts Xcode directly. I'll be actively migrating off of Avast after this.

Offline drake145

Re: False positive in Swift standard library?
« Reply #10 on: February 22, 2018, 12:59:23 AM »
I am experiencing the same problem (screenshot attached).

From the messages, the Avast team appears to be working on it, so hopefully a fix will be released soon.

Since this appears to be a false positive, is there any harm in removing the files from quarantine?
« Last Edit: February 22, 2018, 01:04:48 AM by drake145 »

Offline drake145

Re: False positive in Swift standard library?
« Reply #11 on: February 22, 2018, 01:06:35 AM »
Meant release the files on my above post.

Offline drake145

Re: False positive in Swift standard library?
« Reply #12 on: February 22, 2018, 01:42:36 AM »
Meant release the files on my above post.

Well, I took a chance and restored the files (except the latter 2, since it appears they re-generated so I deleted them).

Offline kcmiller2

Re: False positive in Swift standard library?
« Reply #13 on: February 22, 2018, 02:15:09 AM »
The pop up warnings stopped, and my affected program works again. Thanks for fixing it.

Offline vol24pl

Re: False positive in Swift standard library?
« Reply #14 on: February 22, 2018, 10:16:53 AM »
Loosely related, but I need this info to address exactly this issue properly:

How can I find:
1. My current virus definition version + date of update
2. My current Avast app version + date of update
3. Newest virus definition version
4. Newest Avast app version