
List:       centos
Subject:    Re: [CentOS] Is shellcheck safe?
From:       Thomas Stephen Lee <lee.iitb () gmail ! com>
Date:       2022-01-23 5:42:00
Message-ID: CAG7s96UP5ZfosDF8G-xDJ9Dtd5Lnm4HSC6_0u5ETHWonvydEzA () mail ! gmail ! com

On Sun, Jan 23, 2022 at 2:05 AM Vidar Holen <vidar@vidarholen.net> wrote:
> 
> The ShellCheck binaries are built on Ubuntu based Docker images via GitHub
> Actions, which also uses Ubuntu.
>
> PS: Bkav reports that the issue has been fixed, and re-visiting the original
> VirusTotal.com URL no longer shows any detected issues. The same is true when
> uploading new Haskell binaries.
>
> On Fri, Jan 21, 2022 at 10:31 PM Thomas Stephen Lee <lee.iitb@gmail.com> wrote:
> > 
> > On Thu, Jan 20, 2022 at 10:09 AM Vidar Holen <vidar@vidarholen.net> wrote:
> > > 
> > > This is purely a Bkav Pro issue. I don't know what it's looking for, but
> > > it's clearly not accurate enough. All the search hits I get about
> > > VEX.Webshell are questions about why this single and rather unknown scanner
> > > is identifying it in a wide variety of files.
> > >
> > > On Wed, Jan 19, 2022 at 6:31 PM Thomas Stephen Lee <lee.iitb@gmail.com> wrote:
> > > > 
> > > > Thanks a lot for the clarification.👍
> > > > By the way, is this a Haskell bug?
> > > > 
> > > > Thanks
> > > > 
> > > > ---
> > > > Lee
> > > > 
> > > > On Thu, Jan 20, 2022 at 5:07 AM Vidar Holen via CentOS
> > > > <centos@centos.org> wrote:
> > > > > 
> > > > > Hi, ShellCheck author here.
> > > > > 
> > > > > Regarding the scanner "Bkav Pro" detecting "VEX.Webshell" according to
> > > > > VirusTotal.com, this is a false positive that seems to trigger on every
> > > > > Haskell binary including a simple "Hello World". It further appears to
> > > > > trigger on a number of unrelated repositories. See internal issue
> > > > > https://github.com/koalaman/shellcheck/issues/2432
> > > > > 
> > > > > The Bkav Corporation does not appear to have a false positive submission
> > > > > process that I could find using Google Translate on bkav.com.vn, but I
> > > > > emailed a general product contact address about it. Hopefully they'll make
> > > > > the check more accurate in the future.
> > > > > 
> > > > > Regards,
> > > > > Vidar Holen
> > > > > 
> > > > > (Sorry about the bad reply-to, I wasn't on the list when the discussion
> > > > > started)
> > 
> > Hi Vidar,
> > 
> > What OS do you use to build the binary?
> > 
> > Thanks
> > 
> > ---
> > Lee

Hi Vidar,

Thanks a lot for the prompt action and reply.
I tested Haskell hello world in a few vagrant images (Fedora, Ubuntu,
Debian, etc.), which gave clean results on virustotal.
Great to see the issue is fixed now.

---
Lee
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

