
We have several Amazon servers. They have bash version 4.1.2. Kaspersky claims that all bash versions up to 4.3 are unsafe. When I do this test...

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

... it returns hello, and even though Lifehacker says that I should get an error back (bash: warning: x: ignoring function definition attempt bash.....), I guess the simple "hello" is good enough. Still, I'm in doubt.

Can you explain what info I can trust?

Comments:

  • I'd suspect that Amazon has patched their standard AMIs with an updated version of Bash... Commented Oct 9, 2014 at 14:35
  • All branches since 2.5 (2.5, 3.0, 3.1, 4.0, 4.1, 4.2, 4.3) have been patched. Commented Oct 9, 2014 at 14:35
  • There's a selection of one-liners at shellshocker.net that will check your version of bash. Commented Oct 9, 2014 at 14:50
  • @AndrewWilliams - we have some older servers running, and for those bash is not updated. We have to do that manually. Commented Oct 9, 2014 at 15:03

1 Answer

The version number of a program is not a good indication of the security issues that it has. When a security hole is found, it is standard practice to patch just this hole, and not to upgrade the program to a later version which may turn out to be incompatible in subtle cases.

Thus seeing that you have bash 4.1 does not give any information as to whether it is vulnerable to Shellshock. Use a test such as the one you've already found. Since x='() { :;}; echo vulnerable' bash -c 'echo hello' does not print vulnerable, you are not vulnerable to the Shellshock bug. The fact that you don't see an error message either indicates that your copy of bash also has patches to fix related bugs found in the wake of Shellshock. The article mentioning these error messages is out of date: with the latest fixes, this command just prints hello.
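The answer's point is that the probe, not the version string, tells you the patch state. The script below is an added example (not from the question, the answer or any of the linked sites): it runs the same probe against one or more bash binaries and classifies the output into the three states the answer describes, printing the version string beside each result only to show how uninformative it is. Names such as classify_shellshock_output and shellshock_status are this example's own.

```shell
#!/bin/sh
# Added example: run the Shellshock probe from the question against one or
# more bash binaries and report "vulnerable", "first-patch-only", "patched"
# or "missing". Classification follows the answer above:
#   output containing "vulnerable"  -> the function-import bug is present
#   the "ignoring function definition attempt" warning -> only the first
#                                      fix is in place, later fixes missing
#   plain "hello"                    -> the later fixes are present as well

# Map the raw probe output to a status word (pure; needs no bash to test).
classify_shellshock_output() {
  case "$1" in
    *vulnerable*)                             echo "vulnerable" ;;
    *"ignoring function definition attempt"*) echo "first-patch-only" ;;
    *)                                        echo "patched" ;;
  esac
}

# Run the probe against the given bash binary (default: the bash in PATH).
# The exported value is a function body followed by a trailing command; an
# unpatched bash executes that trailing command while importing the environment.
shellshock_status() {
  bin="${1:-bash}"
  if ! command -v "$bin" >/dev/null 2>&1; then
    echo "missing"
    return 0
  fi
  out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo hello' 2>&1)
  classify_shellshock_output "$out"
}

# Usage: sh check.sh /bin/bash /usr/local/bin/bash   (no args: bash in PATH)
# Exit status is 1 if any binary reports "vulnerable", else 0.
main() {
  [ $# -eq 0 ] && set -- bash
  rc=0
  for b in "$@"; do
    status=$(shellshock_status "$b")
    ver=$("$b" --version 2>/dev/null | head -n 1)
    printf '%s: %s (%s)\n' "$b" "$status" "${ver:-version unknown}"
    [ "$status" = "vulnerable" ] && rc=1
  done
  return $rc
}

main "$@"
```

The version line is printed deliberately next to the probe result: a 4.1.2 that reports "patched" is exactly the situation the question describes.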
