On 17/01/2022 05:30, Thomas Stephen Lee wrote: > Hi, > > I downloaded, extracted, and ran 0.8.0 > > https://github.com/koalaman/shellcheck/releases > > After running, I submitted the file to virustotal > with the below result. > > https://www.virustotal.com/gui/file/f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651 > > Should I be concerned that I ran the program once? > > Thanks > ShellCheck is available in EPEL (v0.3.8), at least for rhel7, if that is any indication of it's trustworthiness. The (older) EPEL version scans clean on VirusTotal. You could look at the source code changes between the two releases and make a judgement if you feel there is any reason to be concerned. Alternatively I would suggest submitting a copy to the AV vendor who flagged it for further investigation as a potential false positive. Phil