False positive when running Go Lang program edited in Visual Studio Code

I'm running a simple 'hello world' style program written in Go, and when I run it from the command line I get the compiled file blocked, and a false positive hit on a virus.

Steps to reproduce on Windows 10 , latest build:

  • Install Go Lang from the official site
  • Install Visual Studio Code
  • Enable Go support in Visual Studio
  • Create this program (saved as main.go) in Visual Studio Code:
package main

import "fmt"

func main() {
   fmt.Println("Hi there!")
}
  • Go to a command prompt into that directory and type
  • go run main.go

There will be an 'Access Denied' error as BitDefender blocks the program from running with the following message:

C:\dev\udemy\helloworld>go run main.go

open C:\Users\Someone\AppData\Local\Temp\go-build276929322\b001\exe\main.exe: Access is denied.

go: failed to remove work dir: remove C:\Users\Someone\AppData\Local\Temp\go-build276929322\b001\exe: The process cannot access the file because it is being used by another process.


The message in BitDefender is:

Antivirus

The file C:\Users\Someone\AppData\Local\Temp\go-build276929322\b001\exe\main.exe is infected with Gen:Variant.Bulz.334385. The threat has been successfully blocked, your device is safe.


I performed a full scan, and there is no such virus on the machine.

It seems to be a false positive.


When I run code directly in the IDE, it works fine, being in Visual Studio Code or in WebStorm GoLand.


Can this please be fixed?

Answers

  • Getting the same issue on my end to . and there seems to be no way to add it to exceptions list . I am a software dev and this is extremely annoying .

  • Flexx
    Flexx mod
    edited February 2021

    Kindly fill this online forum (https://www.bitdefender.com/consumer/support/answer/40673/) .The forum will share the respective file directly with the malware research team and if the file is indeed not malicious, detection will be removed in maximum of 72 hours.

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Why we need to submit file that can't even run after compile? It's just .exe temporary generate for develop run nothing infect just hello world still can't run

  • As quoted by you in your post the file is detected as Gen:Variant.Bulz.334385 by bitdefender which is a signature based detection. Signature based detection are created by malware researchers. So, to remove this detection, you will have to provide the detected file to malware researchers.

    Regards

    Flex

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hi it looks like Bitdefender Deletes the file as part of disinfection process . The location in the tmp folder is always missing the exe. Is there a way to stop Bitdefender from deleting the file ?

  • btw when i use the Go Build command i am able to build a exe and then execute that exe in PS . it appears Bitdefender is blocking when the go framework tries to execute the executable generated from the temp location ?? at least that's what I think. if it is helpful i can upload the exe generated with the Go build command

  • I'd like to act as another user that is having this issue.

    Actually, we have at least three machines in our office that can no longer compile Go source.

    This is true for a simple "Hello World" program that ONLY has: fmt.Println("Hello World")

  • I'd also like to note that this has nothing to do with Visual Studio or any other IDE.

    I created the source with notepad and it is unable to be compiled by the `go build` command.


    My experience is the same as the original poster.

    Go appears to build the source in an intermediary temporary folder, this folder appears to get deleted during the compile process by Bitdefender, so there is no file to submit to Bitdefender. The admin for Bitdefender added my temp folder as an exclusion rule, but it does not resolve the issue. The build is still blocked.

  • I should also note, there is an alternative way to build Go programs by hand. The syntax is "go build -work main.go`

    Using the -work flag does allow the program to compile and Bitdefender does not block it. Compiling Go programs in this manner is not a tenable solution for us as it produces some secondary output that is not acceptable, but it does allow the code to compile.

    I believe that the answer to it compiling may be in the documentation for that flag:

    -work
    	print the name of the temporary work directory and
    	do not delete it when exiting.
    

    Is it possible that Bitdefender is flagging this directory delete, which occurs naturally during the normal compile process, as malicious behavior. And when adding the -work flag, Bitdefender allows the compile to go through?

  • Sorry to continue with posts, but one other issue has arisen. Using the `go build -work main.go` command did allow the code to compile, but only once. I am now unable to use that method either.

    D:\test>go build -work main.go
    WORK=C:\Temp\go-build717151410
    go build command-line-arguments: copying C:\Temp\go-build717151410\b001\exe\a.out.exe: open main.exe: Access is denied.
    
  • When a go program is built, it uses a temporary working directory, and if Bitdefender (Bitdefender Total Security paid product) is running with default settings, it blocks the build process from happening.

    When it blocks the generated .exe file that sits in a temporary working directory, it automatically deletes the file it blocked, so I don't have anything to upload to Bitdefender.

    If I change the Bitdefender setting "Protection - Antivirus - Advanced - Threat Actions' from 'Take proper actions' to 'Move to quarantine' then I find the supposedly infected file doesn't move to quarantine, it's still removed from the system.

    If I add an Antivirus exception to 'Protection - Antivirus - Settings - Manage exceptions' and add an exclusion to not scan the root directory that Go Lang uses for building, then I can run the Go Programs fine. This means the exception is definitely related to the temporary Go Lang build directory.

    If I completely disable 'Bitdefender Shield' by going to 'Protection - Antivirus - Advanced - Bitdefender Shield' and disable it, even for 5 minutes, then without any exceptions set, the Go Lang build process works fine.


    So the issue is less about a virus being on the machine, and more about a possible file lock issue on build processes and how Bitdefender scans files that are being built.

    To me, it feels like the build process is generating a file, and Bitdefender sees the new file being created and immediately tries to scan it, but the build process is still happening, and Bitdefender feels this is the behavior of a virus, so it trips a false positive on the file.

    That's how it feels to me after using computers for more than 40 years, but I'm not privy to the internal processing logic of Bitdefender.


    The problem still exists, and needs to be fixed, because the current solution is to shutdown Bitdefender Shield, or add exclusions to stop it from working at all in a temporary build location.

  • Kindly drop a email to bitdefender support at bitsy@bitdefender.com regarding your query & ask them to share your query with the development team to see if they can help you on their side.

    Regards

    Flex

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • oxmanroman
    edited March 2021

    As advised here https://forum.golangbridge.org/t/bitdefender-detects-output-as-a-virus/22152/8 a "good" solution would be to add the environment variable GOTMPDIR with any path of your choice, where the builds are going to be stored. (Maybe reboot after this)

    Then just go to BitDefender Protection -> Antivirus -> Settings -> Manage Exceptions and add your path as an exception.