[wbl]

Fail to scan with AV and you might be an unwitting malware distributor.

[MajesticHobo]

If you allow binary uploads, you're going to be a malware distributor whether you scan or not. AV just introduces complexity and attack surface and doesn't really belong in a guide about Golang secure coding practices.