DEV Community


Posted on

Not a malware

For the past year or so I wrote several Golang based applications for the Windows environment.

The pain of writing software for Windows in non Microsoft tooling is a whole set of posts that I can create, but one thing is worst.

Many applications that are written using Golang are considered to be a Virus, or a maleware of some kind simply because they are written in Go.

When you use tools such as Virus Total, upload a Go based application that you wrote and see how many results of Anti Viruses think that you are trying to create a malware of some kind.

The malware I wrote is just an HTTP server with support of TLS certificate and JWT, registry access for some information, Windows service(ing) to run as one, loading dynamically a .dll file that I wrote (using c++) and few additional COM binding for my witchcraft mix.

That simple mixture was tagged as ransomware just because I had support for x509 inside my code and working as non GUI service.

An "expert" of the organization that the server was suppose to use it told me that I have "hidden code" because of the traces on x509 PKI implementation inside the .exe .

I know, I'm a bad person just because I use tech that can be used for evil.
Like if you use a knife you are an evil person because you can stab or just cut another person - that's why anti viruses consider my code to be a malicious one, right?

After investigation, I realized that I'm not the only one, look at the Golang FAQ:

This is a common occurrence, especially on Windows machines, and is almost always a false positive. Commercial virus scanning programs are often confused by the structure of Go binaries, which they don't see as often as those compiled from other languages.

If you've just installed the Go distribution and the system reports it is infected, that's certainly a mistake. To be really thorough, you can verify the download by comparing the checksum with those on the downloads page.

In any case, if you believe the report is in error, please report a bug to the supplier of your virus scanner. Maybe in time virus scanners can learn to understand Go programs.

If (almost) every program written in Go is considered a malware, what can a simple developer can do?!

I never ever wrote a malware in my life, never tried to do harm, but now if I use a term from my native language: "I need to prove that I do not have a sister" just because someone/thing decided that I do.

So what would you do?

Discussion (0)