• OS-agnostic. The PoC works because many AVs carve/scan archives found inside larger binaries. That behavior exists on Linux (proved with ClamAV) and also on Windows/macOS in various engines. It’s about how scanners treat containers embedded in arbitrary files, not about executing anything.
I think the only reason why we haven't seen such a DoS happen in action is because most people are running their nodes on Linux with no AVs.
Maybe a couple of folks use Red Hat or CentOS, which contain SELinux, but I think SELinux might be different from AVs in that it doesn't quarantine anything and it's more of an exploit-buster.
I was unable to send security the test script in the email because:
Sorry, we were unable to deliver your message to the following address.
<security@bitcoincore.org>:
550: 5.7.1 Reject for policy reason RULE1_1: Virus/Malware detected
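As an added illustration of the container behaviour described in the post above (this is not the PoC from the thread and not ClamAV's code), the Python script below builds a constructed blob of filler bytes with a small deflated ZIP buried in the middle, then does what a container-aware engine does: it locates the embedded archive by its local-file-header magic, cuts it out at the end-of-central-directory record, opens it and scans the decompressed members. The marker string, the member name and the filler text are all made up for the demo and stand in for a real signature database.

```python
"""
Added example, not the original PoC and not scanner code from any real engine.
Shows why an archive buried inside an arbitrary binary still gets scanned:
a plain byte search over the blob misses the (deflated) marker, but carving
the embedded ZIP and scanning its members finds it.
"""
from __future__ import annotations

import io
import zipfile

# Constructed stand-in for a malware signature (made up for this demo).
# A real engine matches member contents against its signature database.
MARKER = b"DEMO-CONTAINER-CARVE-MARKER-1234"
# Repeated text in front of the marker makes deflate pick a compressed block,
# so the marker does not appear verbatim in the outer blob.
PAYLOAD = b"benign filler text, nothing to see here. " * 20 + MARKER + b"\n"

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # start of first member
ZIP_EOCD = b"PK\x05\x06"           # end-of-central-directory record


def build_blob(payload: bytes, member_name: str = "inner.txt",
               prefix_len: int = 4096, suffix_len: int = 4096) -> bytes:
    """Embed a ZIP containing `payload` between unrelated bytes.

    The filler is a fixed ASCII pattern (no "PK" in it) so the demo is
    deterministic; in the real-world case the surrounding bytes are whatever
    the host file happens to contain.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    filler = b"not an archive, just host-file bytes "
    prefix = (filler * (prefix_len // len(filler) + 1))[:prefix_len]
    suffix = (filler * (suffix_len // len(filler) + 1))[:suffix_len]
    return prefix + buf.getvalue() + suffix


def carve_zips(blob: bytes) -> list[bytes]:
    """Return every embedded ZIP found in `blob`.

    Each candidate runs from a local-file-header magic to the end of the next
    EOCD record (22 bytes plus the trailing comment, whose length is stored
    little-endian at offset 20 of the record).
    """
    found = []
    pos = 0
    while True:
        start = blob.find(ZIP_LOCAL_HEADER, pos)
        if start < 0:
            break
        eocd = blob.find(ZIP_EOCD, start)
        if eocd < 0:
            break
        comment_len = int.from_bytes(blob[eocd + 20:eocd + 22], "little")
        end = eocd + 22 + comment_len
        found.append(blob[start:end])
        pos = end
    return found


def scan_members(zip_bytes: bytes, signature: bytes) -> list[str]:
    """Open one carved archive and report member names whose content matches."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if signature in zf.read(info):   # decompresses the member
                hits.append(info.filename)
    return hits


def scan_blob(blob: bytes, signature: bytes) -> list[str]:
    """Carve every embedded archive out of `blob`, then scan inside each."""
    hits = []
    for zip_bytes in carve_zips(blob):
        try:
            hits.extend(scan_members(zip_bytes, signature))
        except zipfile.BadZipFile:
            continue   # false-positive magic: a real engine just skips it
    return hits


if __name__ == "__main__":
    blob = build_blob(PAYLOAD)
    print("raw byte search finds marker:", MARKER in blob)
    print("carve + scan finds marker in members:", scan_blob(blob, MARKER))
```

The raw search reports False because the member is deflated, while the carve-and-scan path reports the member name; this is the gap between "the bytes never execute" and "the scanner still sees a container and looks inside it". To watch a real engine do the same thing, put the EICAR test file (the standard harmless detection test) into the archive instead of the constructed marker and run clamscan over the resulting file, which is the ClamAV behaviour the post reports.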
That's a bit ironic. Maybe you should try putting it inside a Pastebin.