1 virus total security vendor returns a red flag to splunk instalation scripts, what to do?

[Blokui]

this is what is happening, what is the problem??

[MickLesk]

@rcastley ?

[rcastley]

There's nothing actually malicious here. These are all standard patterns for a legitimate container provisioning script. "Chong Lua Dao" is a Vietnamese security vendor known for aggressive heuristics and frequent false positives on shell scripts that use curl | bash patterns. The 93 other vendors correctly identify this as clean.

If you want to reduce the chance of false positives, the biggest trigger is likely the source <(curl ...) pattern on line 2, but that's a core pattern used across all scripts in this project, so it's not worth changing for one low-confidence vendor.

[Blokui]

thanks man, you are the best, im going to install it then, there is a couple of more scripts that also return red flag from a diferent vendor, but i suppose is the same right? still im gonna have faith, thanks.