-
|
Just curios why 2 vendors show alerts for install.sh file |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 4 replies
-
|
Because they’re crap? what vendors? What did they flag? Did they give any other info? without details, this is useless. |
Beta Was this translation helpful? Give feedback.
-
|
Now it is just one Before my post CMC Threat Intelligence was 2nd |
Beta Was this translation helpful? Give feedback.
-
|
@rwmitchell there is no need to act defensive and use words such as useless (which it wasn't btw, there was plenty to check). Don't make me tap the code of conduct sign. |
Beta Was this translation helpful? Give feedback.
-
|
The initial post didn't provide a link to further information on the issue, it only insinuated OMZ couldn't be trusted. If the install script had been changed, those changes would have previously been posted to discord or the github repo would had to have been compromised in a way that circumvented GitHub itself. |
Beta Was this translation helpful? Give feedback.
-
|
You're reading malicious intent on a short phrase that says "just curious". Not at all necessary and it isn't the first time you're being hostile. And it was plenty information for me, it was either scanning the URL or the file, and I saw easily what they were referring to. |
Beta Was this translation helpful? Give feedback.
-
|
The current analysis for the install.sh URL shows only 1 currently, as I rerun the analysis. The previous results were from an analysis from 2022. In any case, these results are false positives, as there is no possible malware coming from a url that serves a plain text file. The proper analysis should be done on the actual script file, which you can find here. You'll see that 0 positives are returned. You can also inspect the install.sh, which is very straightforward, it only runs git and sets up zsh. Let me know if you have any other doubts, and thanks for reporting this. |
Beta Was this translation helpful? Give feedback.
The current analysis for the install.sh URL shows only 1 currently, as I rerun the analysis. The previous results were from an analysis from 2022.
In any case, these results are false positives, as there is no possible malware coming from a url that serves a plain text file.
The proper analysis should be done on the actual script file, which you can find here. You'll see that 0 positives are returned.
You can also inspect the install.sh, which is very straightforward, it only runs git and sets up zsh.
Let me know if you have any other doubts, and thanks for reporting this.