We are aware that the version of the BBR-SDK that ships with TAS product sometimes triggers a false-positive in McAfee malware scans, when compiled on Ubuntu Jammy stemcells. This false positive identifies a file called backup-and-restore-sdk-1.18.49-ubuntu-jammy-1.2.tgz/backup-and-restore-sdk-1.18.49-ubuntu-jammy-1.2/database-backup-restorer-postgres-13.tgz/database-backup-restorer-postgres-13/earthdistance.so as infected. It does not trigger any alerts when the same source code is compiled on Ubuntu Xenial.
 

{
      "path": "https://build-artifactory.domain.com/artifactory/tanzu-application-services-generic-local/compiled-releases/2.14/backup-and-restore-sdk/sha2/backup-and-restore-sdk-1.18.49-ubuntu-jammy-1.2.tgz",
      "sha256": "8c8ac46ecef457ede55c869cedbb3b4b45979534a1d43d32b193edd1de5bea7c",
      "infected": true,
      "infected_with": "GenericRXNB-XD!F811DCBFF674"
    }

Product Version: 3.0

No action is necessary and this benign McAfee Scan result should be ignored.