Re: [CentOS] Is shellcheck safe?

2022-01-22 Thread Thomas Stephen Lee
On Sun, Jan 23, 2022 at 2:05 AM Vidar Holen wrote: > > The ShellCheck binaries are built on Ubuntu based Docker images via GitHub > Actions, which also uses Ubuntu. > > PS: Bkav reports that the issue has been fixed, and re-visiting the original > VirusTotal.com URL no longer shows any detected

Re: [CentOS] Is shellcheck safe?

2022-01-22 Thread Vidar Holen via CentOS
The ShellCheck binaries are built on Ubuntu based Docker images via GitHub Actions, which also uses Ubuntu. PS: Bkav reports that the issue has been fixed, and re-visiting the original VirusTotal.com URL no longer shows any detected issues. The same is true when uploading new Haskell binaries.

Re: [CentOS] Is shellcheck safe?

2022-01-21 Thread Thomas Stephen Lee
On Thu, Jan 20, 2022 at 10:09 AM Vidar Holen wrote: > > This is purely a Bkav Pro issue. I don't know what it's looking for, but it's > clearly not accurate enough. All the search hits I get about VEX.Webshell are > questions about why this single and rather unknown scanner is identifying it >

Re: [CentOS] Is shellcheck safe?

2022-01-19 Thread Vidar Holen via CentOS
This is purely a Bkav Pro issue. I don't know what it's looking for, but it's clearly not accurate enough. All the search hits I get about VEX.Webshell are questions about why this single and rather unknown scanner is identifying it in a wide variety of files. On Wed, Jan 19, 2022 at 6:31 PM

Re: [CentOS] Is shellcheck safe?

2022-01-19 Thread Thomas Stephen Lee
Thanks a lot for the clarification. By the way, is this a Haskell bug? Thanks --- Lee On Thu, Jan 20, 2022 at 5:07 AM Vidar Holen via CentOS wrote: > > Hi, ShellCheck author here. > > Regarding the scanner "Bkav Pro" detecting "VEX.Webshell" according to > VirusTotal.com, this is a false

Re: [CentOS] Is shellcheck safe?

2022-01-19 Thread Vidar Holen via CentOS
Hi, ShellCheck author here. Regarding the scanner "Bkav Pro" detecting "VEX.Webshell" according to VirusTotal.com, this is a false positive that seems to trigger on every Haskell binary including a simple "Hello World". It further appears to trigger on a number of unrelated repositories. See

Re: [CentOS] Is shellcheck safe?

2022-01-19 Thread Phil Perry
On 17/01/2022 05:30, Thomas Stephen Lee wrote: Hi, I downloaded, extracted, and ran 0.8.0 https://github.com/koalaman/shellcheck/releases After running, I submitted the file to virustotal with the below result.

Re: [CentOS] Is shellcheck safe?

2022-01-19 Thread Gionatan Danti
Il 2022-01-17 06:30 Thomas Stephen Lee ha scritto: Hi, I downloaded, extracted, and ran 0.8.0 https://github.com/koalaman/shellcheck/releases After running, I submitted the file to virustotal with the below result.

[CentOS] Is shellcheck safe?

2022-01-16 Thread Thomas Stephen Lee
Hi, I downloaded, extracted, and ran 0.8.0 https://github.com/koalaman/shellcheck/releases After running, I submitted the file to virustotal with the below result. https://www.virustotal.com/gui/file/f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651 Should I be concerned that I