Attackers can run a virus scan before distributing it.

not sure what you’re getting at

attackers can check if a virus scan would detect the virus and change it until it passes the scans, so virus scans are not sufficient protection against dedicated attackers.

just because a virus scan did not find anything in a binary, that doesn't mean the binary is safe.

Thats true but no sane malware developer would share their binary with VT. Downloading a binary is still safer than having your shell run arbitrary stuff

Sure but then it will trigger false positives some of the time

https://github.com/astral-sh/rye/issues/468

Sure but I know a few trusted AVs I look at the results for to know whether this is the case, usually Malwarebytes and ESET, and Kaspersky