My compiled exe file is declared as a virus

I have written a program in Go to create PDFs and zip files with LaTeX and operating system board tools (it has to work on Linux and Windows). A few days ago, Windows Defender classified my exe as a Trojan. Because I share the file with friends: How can I make sure that my program is not flagged as a virus or how does my code have to look like?

The PDFs and zip file are created in an export folder. The following steps are carried out:

  • The export folder is emptied.
  • An image is tested for a specific size.
  • .tex files are copied temporarily.
  • LaTex/Docker is started and generates various PDFs using .tex files.
  • A zip file is created.
  • Temporarily copies are removed
  • Some files created by LaTeX are deleted
  • Text in the console is displayed in green or red.

So I use commands like os.RemoveAll, os.Mkdir, exec.Command…

I compiled the programm with:

GOOS=windows GOARCH=amd64 go build -o start_myprogramm.exe -ldflags="-s -w" src/,y-programm.go;

My import looks like this:

import (
    "archive/zip"
    "bufio"
    "fmt"
    "image"
    _ "image/jpeg"
    "io"
    "log"
    "os"
    "os/exec"
    "path/filepath"
    "regexp"
    "strings"
    "sync"
    "time"

    "github.com/fatih/color"
)

I have read similar cases. Among other things, it said that you can sign the file. Could this be the solution to the problem? How can I figure out where the problem exactly is?

I think your best course of action is to contact the Windows Defender support team. From the official FAQ:

Why does my virus-scanning software think my Go distribution or compiled binary is infected?

This is a common occurrence, especially on Windows machines, and is almost always a false positive. Commercial virus scanning programs are often confused by the structure of Go binaries, which they don’t see as often as those compiled from other languages.

If you’ve just installed the Go distribution and the system reports it is infected, that’s certainly a mistake. To be really thorough, you can verify the download by comparing the checksum with those on the downloads page.

In any case, if you believe the report is in error, please report a bug to the supplier of your virus scanner. Maybe in time virus scanners can learn to understand Go programs.

And here’s a comment by Ian Lance Taylor:

The Go FAQ doesn’t give any more information about this issue because we don’t know anything else about it. We don’t know why Windows virus scanners tend to have false positives on Go binaries. We haven’t talked to Microsoft about it very much, because the bug reports we see are usually about third party virus scanning products, not about Microsoft itself. That said, this article does mention Windows Defender, so maybe things have changed.

And another:

@IndustrialPerformanceDude It’s OK to post here but the Go project is not going to be taking any action on this.

Again - just reinforcing that it’s a Virus Scanner problem, not a Go problem. Wish I could be of more use but I haven’t actually run up against this yet in my years as a gopher. Maybe somebody else can chime in with more useful info.

1 Like