Go: False positive virus detection

Recently to my surprise antivirus software detected virus in my freshly build golang program. Doing research I found interesting article from Melle Boudewijns. So I created simple golang program hello_flags.go:

package main

func main() {
  print("Hello: go build -race -ldflags \"-s -w\" hello_flags.go")
}

Then I compiled this source file with flags and execute it and again without flags and execute it. Here is output:

G:\hello_flags>go build -race -ldflags "-s -w" hello_flags.go

G:\hello_flags>.\hello_flags.exe
Hello: go build -race -ldflags "-s -w" hello_flags.go
G:\hello_flags>go build hello_flags.go

G:\hello_flags>.\hello_flags.exe
Access is denied.

G:\hello_flags>

Online tool VirusTotal.com for executable compiled with flags detected Trojan/Malicious/Malware by 16 antivirus programs. Avast did not detect it.

It looks like antivirus machine learning software should learn about simple golang program like above to avoid false positive detection.

This entry was posted in golang, workday. Bookmark the permalink.

Leave a Reply