20 Jan
2022
20 Jan
'22
12:36 a.m.
Hi, ShellCheck author here.
Regarding the scanner "Bkav Pro" detecting "VEX.Webshell" according to VirusTotal.com, this is a false positive that seems to trigger on every Haskell binary including a simple "Hello World". It further appears to trigger on a number of unrelated repositories. See internal issue https://github.com/koalaman/shellcheck/issues/2432
The Bkav Corporation does not appear to have a false positive submission process that I could find using Google Translate on bkav.com.vn, but I emailed a general product contact address about it. Hopefully they'll make the check more accurate in the future.
Regards, Vidar Holen
(Sorry about the bad reply-to, I wasn't on the list when the discussion started)