Is anyone else seeing AVG alerts with Go 1.3 windows_amd64 build binaries?
378 views
Skip to first unread message
Chris Hines
Jun 19, 2014, 9:13:55 PM6/19/14
to golan...@googlegroups.com
I have AVG AntiVirus on two different Windows 7 machines (work and personal) and both installations report a FakeAlert.RT trojan horse on any .exe built by the Go 1.3 gc toolchain. I did not get these alerts with Go 1.2.x built binaries.
Is anyone else getting these alerts?
Thanks,
Chris
John C.
Jun 20, 2014, 8:53:24 AM6/20/14
to golan...@googlegroups.com
I get these alerts for nm.exe and some other build tools, but not on the executables I build myself. I'm on Win7-64.
DisposaBoy
Jun 20, 2014, 2:34:03 PM6/20/14
to golan...@googlegroups.com
These are most like false positives and have been an issue with various AV packages for years. I think the best thing to do is to report this to the AV creator(s).
Maxim Khitrov
Jun 20, 2014, 6:24:26 PM6/20/14
to DisposaBoy, golang-nuts
Yep, Avast was detecting "Threat:Win64:Evo-gen [Susp]" in _cgo_.o for
one of my packages:
https://github.com/mxk/go-sqlite/issues/4#issuecomment-45665777
one of my packages:
https://github.com/mxk/go-sqlite/issues/4#issuecomment-45665777
Andrew Gerrand
Jun 20, 2014, 8:47:06 PM6/20/14
to Chris Hines, golang-nuts
We've had a long history of these kinds of reports. Go binaries are not normal-looking EXEs because our generated code looks different to that of other popular compilers like MSVC++ or gcc.
Try submitting the suspect file to a service like https://www.virustotal.com/ If it's not picked up by at least one other vendor, it's probably a false positive.
Please report the false positive to your AV vendor.
Andrew
Reply all
Reply to author
Forward
0 new messages