Hacker News
by nonameiguess 973 days ago
Go lets you run arbitrary shell commands. Even if you couldn't, you can do virtually anything with IO. Even if it had some way to guess the file you're trying to open is a socket, you don't necessarily need a socket. You can be writing to a named pipe or even a tty that serves as the input to ncat which keeps an active TCP session with some C&C server always running as a system daemon. That might sound ridiculous, but real-world malware often works in pairs like that where one process will simply see if another exists, do bad stuff if so, and forget about it if not. They're attacking millions if not billions of hosts, so they don't need them all to join the botnet. Only the kernel at runtime knows what you're doing at the level of detail needed to prevent something like this.
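An added example, not part of the comment above: it illustrates the point that a path string in Go source says nothing about what kind of object the kernel will resolve it to, by classifying the opened descriptor at run time. It assumes Linux; the path `app.log` and the helper names `kindOf`, `openedKind` and `demo` are constructed for the illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// kindOf names the kind of object a file mode describes.
func kindOf(m os.FileMode) string {
	switch {
	case m.IsRegular():
		return "regular"
	case m&os.ModeNamedPipe != 0:
		return "fifo"
	case m&os.ModeCharDevice != 0: // ttys and /dev/null land here
		return "chardev"
	}
	return "other"
}

// openedKind classifies the opened descriptor (fstat), not the path name, so a
// swap between check and use cannot fool it; O_NONBLOCK stops a FIFO from blocking.
func openedKind(path string) string {
	f, err := os.OpenFile(path, os.O_RDONLY|syscall.O_NONBLOCK, 0)
	if err != nil {
		return "error: " + err.Error()
	}
	defer f.Close()
	fi, err := f.Stat()
	if err != nil {
		return "error: " + err.Error()
	}
	return kindOf(fi.Mode())
}

// demo binds one constructed path string to two different kernel objects.
// Setup errors are not checked here; they surface as "error: ..." results.
func demo() (asFile, asPipe string) {
	dir, _ := os.MkdirTemp("", "kind-demo")
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "app.log") // constructed sample name
	os.WriteFile(path, nil, 0o600)
	asFile = openedKind(path)
	os.Remove(path)
	syscall.Mkfifo(path, 0o600) // same name, now a named pipe
	asPipe = openedKind(path)
	return
}
func main() { fmt.Println(demo()) }
```

The same `os.OpenFile` call on the same string reports `regular` the first time and `fifo` the second, which is why a check made on source text or on the path alone cannot decide what the write reaches.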