NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

0d0a's avatar
0d0a
Tutor
Jan 20, 2017

Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-killall

And I see no way of configuring the AV scanner on the admin pages  
Feature Request & Feedback
Virus scanner
StephenB's avatar
StephenB
Guru - Experienced User
Jan 20, 2017
gyves1 wrote:

If you have the last FW 6.6.1, and you can't see your antivirus...it's normal..it's an issue or bug. I have also this problem :-( my antivirus is hidden somewhere since the last FW.

AV itself should appear on system->settings->services.  There is no app to control the advanced settings though.

0d0a's avatar
0d0a
Tutor
Jan 20, 2017
StephenB wrote:
gyves1 wrote:

If you have the last FW 6.6.1, and you can't see your antivirus...it's normal..it's an issue or bug. I have also this problem :-( my antivirus is hidden somewhere since the last FW.

AV itself should appear on system->settings->services.  There is no app to control the advanced settings though.

Strange! 

 

I now received a mail stating there is not enough space left on the drive , but web admin says there is at least 90 % left ...

 Switched scanner off and wait for update .... This does not appear to be reliable at all.....

  • StephenB's avatar
    StephenB
    Guru - Experienced User
    Jan 20, 2017
    0d0a wrote:

    I now received a mail stating there is not enough space left on the drive , but web admin says there is at least 90 % left ...

     Switched scanner off and wait for update .... This does not appear to be reliable at all.....

    Others here have seen similar messages.  Netgear did push a patch for AV, but I think that was for definition updates, not this.  It will eventually be applied to your NAS, but you can apply it now by rebooting.

    • ronlaws86's avatar
      ronlaws86
      Guide
      May 19, 2017

      there is an option in ClamAV to ignore these, traditionally you would go to /etc/default/config/etc/clamav/clamd.conf and /etc/clamav/clamd.conf
       and change the line: -

       

      DetectBrokenExecutables    true

      to false. 

       

       

      However, it seems the recent versions of RNOS activly replace these files even when you go in and change them maniually over ssh, probably why the AV+ app was pulled from the little app store because it doesn't work anymore, which is very frustrating, because it picks up a lot of Linux system files from backups I have running...

      eg. 

      System: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /data/TranscendUSB/backup2701/usr/lib/libgcj_bc.so.1.0.0. Please delete the infected file soon.

       

      A Way to make the change stick would be really handy. :smileyindifferent:

      • ronlaws86's avatar
        ronlaws86
        Guide
        May 19, 2017

        Temprary Fix!

         

        So i was digging around inside the NAS via SSH, and I cannot find where it is getting the default config file, my guess is that something somewhere deep in frontview or readynasd is replacing it. So I engineerd a bit of a hacky (and dirty) workaround. 

         

        The problem: 

        /etc/clamav/clamd.conf is getting replaced by something within readynasOS, as such any sibsiquent changes you make to this file is overwritten almost immediatly. 

        changing this file to become immutable (chattr +i) will result in Frontview throwing up an error. 

         

        However

        /etc/default/config/etc/clamav/clamd.conf seems to remain untouched. So it is safe to make your changes in here, though they will not be parsed directly by clamd when it is called. 

         

        The dirty fix:

        clamd is located under /use/sbin and to sort of fix this problem of the config file being overwritten, i've moved clamd to clamd-bin, and created a shell script in its place to copy over the user preferences every time clamd is called, then execute clamd-bin with the given arguments. 

         

        so now under /usr/sbin I have 2 files 

        clamd-bin (the actual binary)

        clamd (the hacky shell script) 

         

        To do this for yourself, and if you are comfortable mucking around in the guts of your ReadyNAS, simply do the following: - 

         

        Enable SSH via frontview and log in using the user root and your admin password. 

         

        the commands are as follows:-

         

        Change directory to /usr/sbin

        cd /usr/sbin

        Rename the clamd binary

        mv clamd clamd-bin

        create our standin clamd file (hint, if you prefer nano as opposed to vi/vim you can install it with apt-get install nano)

         

        nano clamd

        - or -

        vi clamd

        and paste the following:-

        #!/bin/sh

#overwrite conf with user settings
cp /etc/default/config/etc/clamav/clamd.conf /etc/clamav/clamd.conf

#run clamd-bin with args
/usr/sbin/clamd-bin $1 $2 $3 $4 $5

        Save and close

         

        then mark both files as executable

        chmod +x clamd clamd-bin

         

        Note, I provided the script with probably way more arg variables ($1 $2 etc) than is probably ever used, but to be on the safe side, it does not hurt to have undefined ones. This script will basically aggresivly overwrite the parsed config file anytime clamd is called, it's not ideal, but for now seems the only way to make changes to the defaults in a more persistent manner. 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More