On 2022/3/9 23:37, Brian Candler wrote:
https://go.dev/doc/faq#virus
On Wednesday, 9 March 2022 at 11:14:47 UTC Rusco wrote:
On Win10 I get this Antivirus message and can not get runnig my .exe
on my company notebook.
This is the binary, the only import is "fmt" :
https://go.dev/play/p/GIUnvHMUJec?v=gotip
<https://go.dev/play/p/GIUnvHMUJec?v=gotip>
I checked antivirus diagnostics tools and found this:
https://www.virustotal.com/gui/file/01435f5f5fe574e8154a572094bd0dd21a6ce8bc506b9931be0e30a917fd68a1/detection
<https://www.virustotal.com/gui/file/01435f5f5fe574e8154a572094bd0dd21a6ce8bc506b9931be0e30a917fd68a1/detection>
https://www.virustotal.com/gui/file/01435f5f5fe574e8154a572094bd0dd21a6ce8bc506b9931be0e30a917fd68a1/community
<https://www.virustotal.com/gui/file/01435f5f5fe574e8154a572094bd0dd21a6ce8bc506b9931be0e30a917fd68a1/community>
https://valhalla.nextron-systems.com/info/rule/SUSP_LazyDLL_Load_Golang_Jan20_1
<https://valhalla.nextron-systems.com/info/rule/SUSP_LazyDLL_Load_Golang_Jan20_1>
So this is probably due to "suspicious LazyDLL loading in Golang
binaries".
Where is this Lazy DLL loading going on, in the runtime ?
LoadLibraryA, LoadLibraryW is used by syscall and runtime package
https://go.googlesource.com/go/+/refs/tags/go1.18rc1/src/runtime/syscall_windows.go
at syscall_loadsystemlibrary, syscall_loadlibrary
and on
https://go.googlesource.com/go/+/refs/tags/go1.18rc1/src/runtime/os_windows.go
at windowsLoadSystemLib, loadOptionalSyscalls
Is there a way to avoid this, to make it static for example ?
No
I wonder why there a not more complaints about antivirus blocking of
Go binaries.
I never came across such blocking in my Rust binaries.
Any hints welcome
Rusco
--
You received this message because you are subscribed to the Google
Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to golang-nuts+unsubscr...@googlegroups.com
<mailto:golang-nuts+unsubscr...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/a06db50e-bb79-41e0-ae54-fd8f0b2cae5dn%40googlegroups.com
<https://groups.google.com/d/msgid/golang-nuts/a06db50e-bb79-41e0-ae54-fd8f0b2cae5dn%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/6a20f3c6-8942-fa94-2cbe-2e10af399055%40gmail.com.