Gregory's Server
I think you could also bundle a python interpreter, e. g. cpython with gdextension or rustpython and execute mailicious files. I guess you could also transpile source files before executing with an interpreter so gdscript support for malware scanners won't solve obfuscated code detection.
@HugeGameArtGD @popcar2 Virus scanners are bad at their job and that problem is kinda unsolvable. It's not really Godot's fault that they are garbage, and it's not Godot's fault if people put too much trust in them, either.