The ShellCheck binaries are built on Ubuntu based Docker images via GitHub Actions, which also uses Ubuntu. PS: Bkav reports that the issue has been fixed, and re-visiting the original VirusTotal.com URL no longer shows any detected issues. The same is true when uploading new Haskell binaries. On Fri, Jan 21, 2022 at 10:31 PM Thomas Stephen Lee <lee.iitb at gmail.com> wrote: > On Thu, Jan 20, 2022 at 10:09 AM Vidar Holen <vidar at vidarholen.net> wrote: > > > > This is purely a Bkav Pro issue. I don't know what it's looking for, but > it's clearly not accurate enough. All the search hits I get about > VEX.Webshell are questions about why this single and rather unknown scanner > is identifying it in a wide variety of files. > > > > On Wed, Jan 19, 2022 at 6:31 PM Thomas Stephen Lee <lee.iitb at gmail.com> > wrote: > >> > >> Thanks a lot for the clarification.👍 > >> By the way, is this a Haskell bug? > >> > >> Thanks > >> > >> --- > >> Lee > >> > >> On Thu, Jan 20, 2022 at 5:07 AM Vidar Holen via CentOS > >> <centos at centos.org> wrote: > >> > > >> > Hi, ShellCheck author here. > >> > > >> > Regarding the scanner "Bkav Pro" detecting "VEX.Webshell" according to > >> > VirusTotal.com, this is a false positive that seems to trigger on > every > >> > Haskell binary including a simple "Hello World". It further appears to > >> > trigger on a number of unrelated repositories. See internal issue > >> > https://github.com/koalaman/shellcheck/issues/2432 > >> > > >> > The Bkav Corporation does not appear to have a false positive > submission > >> > process that I could find using Google Translate on bkav.com.vn, but > I > >> > emailed a general product contact address about it. Hopefully they'll > make > >> > the check more accurate in the future. > >> > > >> > Regards, > >> > Vidar Holen > >> > > >> > (Sorry about the bad reply-to, I wasn't on the list when the > discussion > >> > started) > > Hi Vidar, > > What OS do you use to build the binary? > > Thanks > > --- > Lee >