Re: Is shellcheck safe?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, Jan 20, 2022 at 10:09 AM Vidar Holen <vidar@xxxxxxxxxxxxxx> wrote:
>
> This is purely a Bkav Pro issue. I don't know what it's looking for, but it's clearly not accurate enough. All the search hits I get about VEX.Webshell are questions about why this single and rather unknown scanner is identifying it in a wide variety of files.
>
> On Wed, Jan 19, 2022 at 6:31 PM Thomas Stephen Lee <lee.iitb@xxxxxxxxx> wrote:
>>
>> Thanks a lot for the clarification.👍
>> By the way, is this a Haskell bug?
>>
>> Thanks
>>
>> ---
>> Lee
>>
>> On Thu, Jan 20, 2022 at 5:07 AM Vidar Holen via CentOS
>> <centos@xxxxxxxxxx> wrote:
>> >
>> > Hi, ShellCheck author here.
>> >
>> > Regarding the scanner "Bkav Pro" detecting "VEX.Webshell" according to
>> > VirusTotal.com, this is a false positive that seems to trigger on every
>> > Haskell binary including a simple "Hello World". It further appears to
>> > trigger on a number of unrelated repositories. See internal issue
>> > https://github.com/koalaman/shellcheck/issues/2432
>> >
>> > The Bkav Corporation does not appear to have a false positive submission
>> > process that I could find using Google Translate on bkav.com.vn, but I
>> > emailed a general product contact address about it. Hopefully they'll make
>> > the check more accurate in the future.
>> >
>> > Regards,
>> > Vidar Holen
>> >
>> > (Sorry about the bad reply-to, I wasn't on the list when the discussion
>> > started)

Hi Vidar,

What OS do you use to build the binary?

Thanks

---
Lee
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux