Recently to my surprise antivirus software detected virus in my freshly build golang program. Doing research I found interesting article from Melle Boudewijns. So I created simple golang program hello_flags.go:
package main
func main() {
print("Hello: go build -race -ldflags \"-s -w\" hello_flags.go")
}Then I compiled this source file with flags and execute it and again without flags and execute it. Here is output:
G:\hello_flags>go build -race -ldflags "-s -w" hello_flags.go
G:\hello_flags>.\hello_flags.exe
Hello: go build -race -ldflags "-s -w" hello_flags.go
G:\hello_flags>go build hello_flags.go
G:\hello_flags>.\hello_flags.exe
Access is denied.
G:\hello_flags>Online tool VirusTotal.com for executable compiled with flags detected Trojan/Malicious/Malware by 16 antivirus programs. Avast did not detect it.
It looks like antivirus machine learning software should learn about simple golang program like above to avoid false positive detection.