[CentOS] Is shellcheck safe?

Thu Jan 20 04:39:08 UTC 2022
Vidar Holen <vidar at vidarholen.net>

This is purely a Bkav Pro issue. I don't know what it's looking for, but
it's clearly not accurate enough. All the search hits I get about
VEX.Webshell are questions about why this single and rather unknown scanner
is identifying it in a wide variety of files.

On Wed, Jan 19, 2022 at 6:31 PM Thomas Stephen Lee <lee.iitb at gmail.com>
wrote:

> Thanks a lot for the clarification.👍
> By the way, is this a Haskell bug?
>
> Thanks
>
> ---
> Lee
>
> On Thu, Jan 20, 2022 at 5:07 AM Vidar Holen via CentOS
> <centos at centos.org> wrote:
> >
> > Hi, ShellCheck author here.
> >
> > Regarding the scanner "Bkav Pro" detecting "VEX.Webshell" according to
> > VirusTotal.com, this is a false positive that seems to trigger on every
> > Haskell binary including a simple "Hello World". It further appears to
> > trigger on a number of unrelated repositories. See internal issue
> > https://github.com/koalaman/shellcheck/issues/2432
> >
> > The Bkav Corporation does not appear to have a false positive submission
> > process that I could find using Google Translate on bkav.com.vn, but I
> > emailed a general product contact address about it. Hopefully they'll
> make
> > the check more accurate in the future.
> >
> > Regards,
> > Vidar Holen
> >
> > (Sorry about the bad reply-to, I wasn't on the list when the discussion
> > started)
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
>