Re: [go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
On Tue, Feb 11, 2020 at 9:06 PM ajstarks wrote: > > VT detected issues. As mentioned these are false positives: > > https://www.virustotal.com/gui/file/77cbc92defdabf7e308849f0dd5e784010d9b4548b99b50df52533b949a14d85/detection FYI: https://golang.org/doc/faq#virus Ian > On Tuesday, February 11, 2020 at 11:50:37 PM UTC-5, ajstarks wrote: >> >> A bit more info: building natively on Windows 10, the detection is NOT >> triggered. >> I will submit the offending file. >> >> On Tuesday, February 11, 2020 at 11:30:48 PM UTC-5, andrey mirtchovski wrote: >>> >>> you can find similar detections on virustotal. unfortunately it looks >>> like a false positive: >>> >>> https://www.virustotal.com/gui/file/93eb448cedd4b4355065a4f9193d8548b02bc56ed5ba9e774095f9ab3da46227/detection >>> >>> there are members of this community working for microsoft, perhaps >>> they'll have an avenue that will allow their engine to avoid a false >>> positive on go code. not sure if they have an open channel to address >>> this. >>> >>> On Tue, Feb 11, 2020 at 9:15 PM ajstarks wrote: >>> > >>> > When building Windows binaries for pdfdeck [1] >>> > (https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that >>> > the binary generated with on linux with: >>> > >>> > GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o >>> > windows-386-pdfdeck.exe github.com/ajstarks/deck/cmd/pdfdeck >>> > >>> > will cause the Windows 10 Defender virus detection to think the binary is >>> > infected with Trojan:Win32/Wacatac.C!ml >>> > >>> > simply removing the -ldflags builds a binary that runs with no issues. >>> > Has anyone else seen this? >>> > >>> > -- >>> > You received this message because you are subscribed to the Google Groups >>> > "golang-nuts" group. >>> > To unsubscribe from this group and stop receiving emails from it, send an >>> > email to golan...@googlegroups.com. >>> > To view this discussion on the web visit >>> > https://groups.google.com/d/msgid/golang-nuts/67837c19-9d19-4976-8b12-44a7b8fedf6d%40googlegroups.com. > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/4b7c752b-6b82-4ec9-8d66-3ad9d663368a%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAOyqgcVRJ3W8hwKThJJEybzM4BLE77P8Xeg3Dkcb6z4GVL2a0w%40mail.gmail.com.
Re: [go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
VT detected issues. As mentioned these are false positives: https://www.virustotal.com/gui/file/77cbc92defdabf7e308849f0dd5e784010d9b4548b99b50df52533b949a14d85/detection On Tuesday, February 11, 2020 at 11:50:37 PM UTC-5, ajstarks wrote: > > A bit more info: building natively on Windows 10, the detection is NOT > triggered. > I will submit the offending file. > > On Tuesday, February 11, 2020 at 11:30:48 PM UTC-5, andrey mirtchovski > wrote: >> >> you can find similar detections on virustotal. unfortunately it looks >> like a false positive: >> >> >> https://www.virustotal.com/gui/file/93eb448cedd4b4355065a4f9193d8548b02bc56ed5ba9e774095f9ab3da46227/detection >> >> >> there are members of this community working for microsoft, perhaps >> they'll have an avenue that will allow their engine to avoid a false >> positive on go code. not sure if they have an open channel to address >> this. >> >> On Tue, Feb 11, 2020 at 9:15 PM ajstarks wrote: >> > >> > When building Windows binaries for pdfdeck [1] ( >> https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that >> the binary generated with on linux with: >> > >> > GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o >> windows-386-pdfdeck.exe github.com/ajstarks/deck/cmd/pdfdeck >> > >> > will cause the Windows 10 Defender virus detection to think the binary >> is infected with Trojan:Win32/Wacatac.C!ml >> > >> > simply removing the -ldflags builds a binary that runs with no issues. >> Has anyone else seen this? >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups "golang-nuts" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to golan...@googlegroups.com. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/golang-nuts/67837c19-9d19-4976-8b12-44a7b8fedf6d%40googlegroups.com. >> >> >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/4b7c752b-6b82-4ec9-8d66-3ad9d663368a%40googlegroups.com.
Re: [go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
A bit more info: building natively on Windows 10, the detection is NOT triggered. I will submit the offending file. On Tuesday, February 11, 2020 at 11:30:48 PM UTC-5, andrey mirtchovski wrote: > > you can find similar detections on virustotal. unfortunately it looks > like a false positive: > > > https://www.virustotal.com/gui/file/93eb448cedd4b4355065a4f9193d8548b02bc56ed5ba9e774095f9ab3da46227/detection > > > there are members of this community working for microsoft, perhaps > they'll have an avenue that will allow their engine to avoid a false > positive on go code. not sure if they have an open channel to address > this. > > On Tue, Feb 11, 2020 at 9:15 PM ajstarks > > wrote: > > > > When building Windows binaries for pdfdeck [1] ( > https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that > the binary generated with on linux with: > > > > GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o > windows-386-pdfdeck.exe github.com/ajstarks/deck/cmd/pdfdeck > > > > will cause the Windows 10 Defender virus detection to think the binary > is infected with Trojan:Win32/Wacatac.C!ml > > > > simply removing the -ldflags builds a binary that runs with no issues. > Has anyone else seen this? > > > > -- > > You received this message because you are subscribed to the Google > Groups "golang-nuts" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to golan...@googlegroups.com . > > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/67837c19-9d19-4976-8b12-44a7b8fedf6d%40googlegroups.com. > > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/32f09016-bce7-4951-a98e-ce8009a2683c%40googlegroups.com.
Re: [go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
sorry, wanted to add: submit your file to VT and see if it triggers a detection there (like in my link it is most likely that only the MS engine will detect it). then you have a case to argue. On Tue, Feb 11, 2020 at 9:29 PM andrey mirtchovski wrote: > > you can find similar detections on virustotal. unfortunately it looks > like a false positive: > > https://www.virustotal.com/gui/file/93eb448cedd4b4355065a4f9193d8548b02bc56ed5ba9e774095f9ab3da46227/detection > > there are members of this community working for microsoft, perhaps > they'll have an avenue that will allow their engine to avoid a false > positive on go code. not sure if they have an open channel to address > this. > > On Tue, Feb 11, 2020 at 9:15 PM ajstarks wrote: > > > > When building Windows binaries for pdfdeck [1] > > (https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that > > the binary generated with on linux with: > > > > GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o > > windows-386-pdfdeck.exe github.com/ajstarks/deck/cmd/pdfdeck > > > > will cause the Windows 10 Defender virus detection to think the binary is > > infected with Trojan:Win32/Wacatac.C!ml > > > > simply removing the -ldflags builds a binary that runs with no issues. Has > > anyone else seen this? > > > > -- > > You received this message because you are subscribed to the Google Groups > > "golang-nuts" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to golang-nuts+unsubscr...@googlegroups.com. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/golang-nuts/67837c19-9d19-4976-8b12-44a7b8fedf6d%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAK4xykWP%2BPCUgmGOpoM5%2BJm6Kx_MGBOUZqwj_uY6OBf2GofMwQ%40mail.gmail.com.
Re: [go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
you can find similar detections on virustotal. unfortunately it looks like a false positive: https://www.virustotal.com/gui/file/93eb448cedd4b4355065a4f9193d8548b02bc56ed5ba9e774095f9ab3da46227/detection there are members of this community working for microsoft, perhaps they'll have an avenue that will allow their engine to avoid a false positive on go code. not sure if they have an open channel to address this. On Tue, Feb 11, 2020 at 9:15 PM ajstarks wrote: > > When building Windows binaries for pdfdeck [1] > (https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that the > binary generated with on linux with: > > GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o windows-386-pdfdeck.exe > github.com/ajstarks/deck/cmd/pdfdeck > > will cause the Windows 10 Defender virus detection to think the binary is > infected with Trojan:Win32/Wacatac.C!ml > > simply removing the -ldflags builds a binary that runs with no issues. Has > anyone else seen this? > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/67837c19-9d19-4976-8b12-44a7b8fedf6d%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAK4xykXE1wthNUKwLH7tcofztDiPsoGTxfYNiouMj2X9qfV%2Bug%40mail.gmail.com.
[go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
When building Windows binaries for pdfdeck [1] ( https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that the binary generated with on linux with: GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o windows-386-pdfdeck.exe github.com/ajstarks/deck/cmd/pdfdeck will cause the Windows 10 Defender virus detection to think the binary is infected with Trojan:Win32/Wacatac.C!ml simply removing the -ldflags builds a binary that runs with no issues. Has anyone else seen this? -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/67837c19-9d19-4976-8b12-44a7b8fedf6d%40googlegroups.com.