0

I have written a program in Go to create PDFs and zip files with LaTeX and operating system board tools (it has to work on Linux and Windows). A few days ago, Windows Defender classified my exe as a Trojan. Because I share the file with friends: How can I make sure that my program is not flagged as a virus?

The PDFs and zip file are created in an export folder. The following steps are carried out:

  • The export folder is emptied.
  • An image is tested for a specific size.
  • .tex files are copied temporarily.
  • LaTeX/Docker is started and generates various PDFs using .tex files.
  • A zip file is created.
  • Temporary copies are removed
  • Some files created by LaTeX are deleted
  • Text in the console is displayed in green or red.

I compiled the program with:

GOOS=windows GOARCH=amd64 go build -o start_myprogramm.exe -ldflags="-s -w" src/my-programm.go;

My import looks like this:

import (
    "archive/zip"
    "bufio"
    "fmt"
    "image"
    _ "image/jpeg"
    "io"
    "log"
    "os"
    "os/exec"
    "path/filepath"
    "regexp"
    "strings"
    "sync"
    "time"

    "github.com/fatih/color"
)

I have read similar cases. Among other things, it said that you can sign the file. Could this be the solution to the problem?

2
  • 1
    «How can I make sure that my program is not flagged as a virus?»–you cannot, as otherwise each virus would use exactly the same technique to mark itself as not a virus. An alternative would be some sort of a centrally-administered registry of "good" pieces of software which is not going to work in the general case (but can work in certain locked-down corporate environments where each machine can only have a precanned set of software installed and running). There's no way of combating that other than reporting the problem to Windows Defender and telling your friends to add an exception.
    – kostix
    Commented Dec 26, 2023 at 10:30
  • Also maybe just maybe the WD's behavior may depend on the way the executable has appeared on a particular machine. If it was "x-copy-deployed"–such as downloaded from the 'net, saved from an e-mail attachment etc–the system may have some flag on the executable that it's not trusted (Win7 had it for sure, dunno about the later versions), but if it was installed using an installer, and–better–in a system-wide location such as under %ProgramFiles%, that'd make the binary "more trusted" FWIW.
    – kostix
    Commented Dec 26, 2023 at 10:34

1 Answer

-1

Without the full code, I can't determine the exact reason.

The reason is probably something like the following.

  • self copy & delete
  • regular networking
  • create executable files like *.exe or *.dll
  • some string patterns

...
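An added example, not code from the question or the answer: the question builds with `-ldflags="-s -w"` and asks about signing, and both leave traces in the PE headers that can be checked before the file is shared. `InspectPE` and `PEInfo` are names chosen for this sketch; it reports only whether a certificate table is present, not whether the signature in it is valid or trusted.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"os"
)

// PEInfo holds two header facts about a Windows executable.
type PEInfo struct {
	HasCertTable bool   // non-empty certificate table, where a signature is stored
	CertSize     uint32 // size of that table in bytes
	HasSymbols   bool   // COFF symbol table present (the -s linker flag omits it)
}

// InspectPE parses raw file bytes. It reports presence only, not signature validity.
func InspectPE(b []byte) (info PEInfo, err error) {
	le := binary.LittleEndian
	if len(b) < 0x40 || b[0] != 'M' || b[1] != 'Z' {
		return info, fmt.Errorf("not an MZ executable")
	}
	pe := int(le.Uint32(b[0x3c:])) // e_lfanew: offset of the "PE\0\0" signature
	if pe < 0 || pe+26 > len(b) || string(b[pe:pe+4]) != "PE\x00\x00" {
		return info, fmt.Errorf("missing PE signature")
	}
	info.HasSymbols = le.Uint32(b[pe+12:]) != 0 // PointerToSymbolTable
	opt := pe + 24                              // optional header follows the COFF header
	dd := opt + 112                             // data directories for PE32+ (64-bit)
	if magic := le.Uint16(b[opt:]); magic == 0x10b {
		dd = opt + 96 // PE32 (32-bit)
	} else if magic != 0x20b {
		return info, fmt.Errorf("unknown optional header magic %#x", magic)
	}
	if dd+40 > len(b) || le.Uint32(b[dd-4:]) < 5 { // NumberOfRvaAndSizes
		return info, nil // headers have no certificate table entry
	}
	off, size := le.Uint32(b[dd+32:]), le.Uint32(b[dd+36:]) // entry 4: file offset, size
	info.CertSize = size
	info.HasCertTable = off != 0 && size != 0 && uint64(off)+uint64(size) <= uint64(len(b))
	return info, nil
}

func main() { // pass the .exe path; with no argument it inspects its own binary
	b, err := os.ReadFile(os.Args[len(os.Args)-1])
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(InspectPE(b))
}
```

Run against an unsigned build, `HasCertTable` is false; after signing, the same check shows whether the signature blob actually ended up in the file that gets distributed.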
