[Spivak]

I mean how is the security scanner supposed to know that you’re working on a project which is super specific edge case?

I mean almost all of the time that PDF will be malware designed to trick the reader into clicking that link and it did the right thing.

[archie2]

Most security scanners allow you to create exclusion folders, where it doesn't scan files in those folders. Something somebody researching malware on a company computer with a malware detector should probably be aware of.

[RaiseProfits]

Presumably by disabling it on the workstations of security researchers. Or just the feature that flags linked content rather than content itself.