False positive when running Go Lang program edited in Visual Studio Code

I'm running a simple 'hello world' style program written in Go, and when I run it from the command line I get the compiled file blocked, and a false positive hit on a virus.

Steps to reproduce on Windows 10 , latest build:

Install Go Lang from the official site
Install Visual Studio Code
Enable Go support in Visual Studio
Create this program (saved as main.go) in Visual Studio Code:

package main

import "fmt"

func main() {
   fmt.Println("Hi there!")
}

Go to a command prompt into that directory and type
go run main.go

There will be an 'Access Denied' error as BitDefender blocks the program from running with the following message:

C:\dev\udemy\helloworld>go run main.go

open C:\Users\Someone\AppData\Local\Temp\go-build276929322\b001\exe\main.exe: Access is denied.

go: failed to remove work dir: remove C:\Users\Someone\AppData\Local\Temp\go-build276929322\b001\exe: The process cannot access the file because it is being used by another process.

The message in BitDefender is:

Antivirus

The file C:\Users\Someone\AppData\Local\Temp\go-build276929322\b001\exe\main.exe is infected with Gen:Variant.Bulz.334385. The threat has been successfully blocked, your device is safe.

I performed a full scan, and there is no such virus on the machine.

It seems to be a false positive.

When I run code directly in the IDE, it works fine, being in Visual Studio Code or in WebStorm GoLand.

Can this please be fixed?

Find more posts tagged with

Accepted answers

All comments

rnair86

Getting the same issue on my end to . and there seems to be no way to add it to exceptions list . I am a software dev and this is extremely annoying .

Flexx

https://community.bitdefender.com/en/discussion/84185/false-positive-when-running-go-lang-program-edited-in-visual-studio-code

https://community.bitdefender.com/en/discussion/comment/300560#Comment_300560

Kindly fill this online forum (https://www.bitdefender.com/consumer/support/answer/40673/) .The forum will share the respective file directly with the malware research team and if the file is indeed not malicious, detection will be removed in maximum of 72 hours.

Regards

Flex

(Bitdefender beta tester 2019/ 2020)

kidkrub

Why we need to submit file that can't even run after compile? It's just .exe temporary generate for develop run nothing infect just hello world still can't run

Flexx

https://community.bitdefender.com/en/discussion/comment/300569#Comment_300569

As quoted by you in your post the file is detected as Gen:Variant.Bulz.334385 by bitdefender which is a signature based detection. Signature based detection are created by malware researchers. So, to remove this detection, you will have to provide the detected file to malware researchers.

Regards

Flex

rnair86

Hi it looks like Bitdefender Deletes the file as part of disinfection process . The location in the tmp folder is always missing the exe. Is there a way to stop Bitdefender from deleting the file ?

rnair86

btw when i use the Go Build command i am able to build a exe and then execute that exe in PS . it appears Bitdefender is blocking when the go framework tries to execute the executable generated from the temp location ?? at least that's what I think. if it is helpful i can upload the exe generated with the Go build command

kmueller

I'd like to act as another user that is having this issue.

Actually, we have at least three machines in our office that can no longer compile Go source.

This is true for a simple "Hello World" program that ONLY has: fmt.Println("Hello World")

kmueller

I'd also like to note that this has nothing to do with Visual Studio or any other IDE.

I created the source with notepad and it is unable to be compiled by the `go build` command.

My experience is the same as the original poster.

Go appears to build the source in an intermediary temporary folder, this folder appears to get deleted during the compile process by Bitdefender, so there is no file to submit to Bitdefender. The admin for Bitdefender added my temp folder as an exclusion rule, but it does not resolve the issue. The build is still blocked.

kmueller

I should also note, there is an alternative way to build Go programs by hand. The syntax is "go build -work main.go`

Using the -work flag does allow the program to compile and Bitdefender does not block it. Compiling Go programs in this manner is not a tenable solution for us as it produces some secondary output that is not acceptable, but it does allow the code to compile.

I believe that the answer to it compiling may be in the documentation for that flag:

-work
	print the name of the temporary work directory and
	do not delete it when exiting.

Is it possible that Bitdefender is flagging this directory delete, which occurs naturally during the normal compile process, as malicious behavior. And when adding the -work flag, Bitdefender allows the compile to go through?

kmueller

Sorry to continue with posts, but one other issue has arisen. Using the `go build -work main.go` command did allow the code to compile, but only once. I am now unable to use that method either.

D:\test>go build -work main.go
WORK=C:\Temp\go-build717151410
go build command-line-arguments: copying C:\Temp\go-build717151410\b001\exe\a.out.exe: open main.exe: Access is denied.

WarpMonkey

When a go program is built, it uses a temporary working directory, and if Bitdefender (Bitdefender Total Security paid product) is running with default settings, it blocks the build process from happening.

When it blocks the generated .exe file that sits in a temporary working directory, it automatically deletes the file it blocked, so I don't have anything to upload to Bitdefender.

If I change the Bitdefender setting "Protection - Antivirus - Advanced - Threat Actions' from 'Take proper actions' to 'Move to quarantine' then I find the supposedly infected file doesn't move to quarantine, it's still removed from the system.

If I add an Antivirus exception to 'Protection - Antivirus - Settings - Manage exceptions' and add an exclusion to not scan the root directory that Go Lang uses for building, then I can run the Go Programs fine. This means the exception is definitely related to the temporary Go Lang build directory.

If I completely disable 'Bitdefender Shield' by going to 'Protection - Antivirus - Advanced - Bitdefender Shield' and disable it, even for 5 minutes, then without any exceptions set, the Go Lang build process works fine.

So the issue is less about a virus being on the machine, and more about a possible file lock issue on build processes and how Bitdefender scans files that are being built.

To me, it feels like the build process is generating a file, and Bitdefender sees the new file being created and immediately tries to scan it, but the build process is still happening, and Bitdefender feels this is the behavior of a virus, so it trips a false positive on the file.

That's how it feels to me after using computers for more than 40 years, but I'm not privy to the internal processing logic of Bitdefender.

The problem still exists, and needs to be fixed, because the current solution is to shutdown Bitdefender Shield, or add exclusions to stop it from working at all in a temporary build location.

Flexx

https://community.bitdefender.com/en/discussion/comment/300587#Comment_300587

Kindly drop a email to bitdefender support at bitsy@bitdefender.com regarding your query & ask them to share your query with the development team to see if they can help you on their side.

Regards

Flex

oxmanroman

As advised here https://forum.golangbridge.org/t/bitdefender-detects-output-as-a-virus/22152/8 a "good" solution would be to add the environment variable GOTMPDIR with any path of your choice, where the builds are going to be stored. (Maybe reboot after this)

Then just go to BitDefender Protection -> Antivirus -> Settings -> Manage Exceptions and add your path as an exception.