Hi, I downloaded, extracted, and ran 0.8.0 https://github.com/koalaman/shellcheck/releases After running, I submitted the file to virustotal with the below result. https://www.virustotal.com/gui/file/f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651 Should I be concerned that I ran the program once? Thanks --- Lee
Il 2022-01-17 06:30 Thomas Stephen Lee ha scritto:> Hi, > > I downloaded, extracted, and ran 0.8.0 > > https://github.com/koalaman/shellcheck/releases > > After running, I submitted the file to virustotal > with the below result. > > https://www.virustotal.com/gui/file/f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651 > > Should I be concerned that I ran the program once? > > ThanksI don't see anything wrong with the shellcheck repository. Anyway the golden rules always apply: check you script on a test machine and, if needed, update your bash script on the production server. Regards. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti at assyoma.it - info at assyoma.it GPG public key ID: FF5F32A8
On 17/01/2022 05:30, Thomas Stephen Lee wrote:> Hi, > > I downloaded, extracted, and ran 0.8.0 > > https://github.com/koalaman/shellcheck/releases > > After running, I submitted the file to virustotal > with the below result. > > https://www.virustotal.com/gui/file/f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651 > > Should I be concerned that I ran the program once? > > Thanks >ShellCheck is available in EPEL (v0.3.8), at least for rhel7, if that is any indication of it's trustworthiness. The (older) EPEL version scans clean on VirusTotal. You could look at the source code changes between the two releases and make a judgement if you feel there is any reason to be concerned. Alternatively I would suggest submitting a copy to the AV vendor who flagged it for further investigation as a potential false positive. Phil