the_Agent
Jan 18, 2017
Solved

Lots of Virus detection after 6.6.1 Update

Hello,

I updated to 6.6.1 today and shortly after that my Virus Scanner detected a bunch of files:

The First Message says my Storage is only 30% free, which is correct. The Next Message says it's only 5% free, which is false. I still have 4,24 TB of 13.63 TB available it says everywhere.

The Next few Messages I don't understand. There are Dangerous Files detected. Where can I delete these files in /tmp/... ?
I can't find a tmp folder in my shares.

--------------------------------------------------------------------

 
Mi Jan 18 2017 15:01:54    
System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Heuristics.Broken.Executable) in der Datei /tmp/clamav-3243752ca9e31453cac0185403f9e606.tmp (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
Mi Jan 18 2017 15:01:48    
System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Heuristics.Broken.Executable) in der Datei /tmp/clamav-7b71a12a9b85e57a8c14cb7cdc55fbcf.tmp (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
Mi Jan 18 2017 15:01:48    
System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Heuristics.Broken.Executable) in der Datei /tmp/clamav-d24478adf926e5697003831eaed05fad.tmp (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
Mi Jan 18 2017 15:01:48    
System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Heuristics.Broken.Executable) in der Datei /tmp/clamav-d6cfdbc0c1373b2c731179ff1cb5536a.tmp (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
Mi Jan 18 2017 15:01:47    
System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Heuristics.Broken.Executable) in der Datei /tmp/clamav-f88c71c4aab23c7fa2ea72efe6a62276.tmp/zip.008 (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
Mi Jan 18 2017 15:01:46    
System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Heuristics.Broken.Executable) in der Datei /tmp/clamav-16d882a7200b7a2b75551734234393e4.tmp/zip.000 (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
Mi Jan 18 2017 14:37:55    
System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Heuristics.Broken.Executable) in der Datei /tmp/clamav-507da92e7bca77dbc9ca14a88a0c4415.tmp entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
Mi Jan 18 2017 10:37:05    
Volume: Es sind weniger als 5 % der Kapazität von media frei. Leistung auf Volume media hat sich verringert. Zur Verbesserung der Leistung müssen Sie die Kapazität erweitern.
Mi Jan 18 2017 10:27:00    
Volume: Es sind weniger als 30 % der Kapazität von media frei. NETGEAR empfiehlt, die Kapazität zur Aufrechterhaltung des aktuellen Leistungsniveaus zu erweitern. Die kontinuierlichen Sicherungs-Snapshots werden gelöscht, wenn der freie Speicherplatz des Volumes weniger als 5 % beträgt.

    • the_Agent
      Guide

      Hello,

       

      after a reboot and the installation of the update everything worked fine the last few days. No more 5% messages and the daily virus updates were installed correctly.

       

      Thx for your help

      • the_Agent
        Guide

        Hello again,

         

        after a few days of silence it started again right now. First 20% free and shortly after that 30%. In this time I changed nothing. The Antivirus detection alerts are back again too.

         

        Mon Jan 23 2017 14:11:02    
        System: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /tmp/clamav-adff1f24c0bbc4e0eeb59c3dda5dffc7.tmp (deleted). Please delete the infected file soon if automatic delete setting is not enabled.
        Mon Jan 23 2017 14:10:55    
        System: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /tmp/clamav-52688c412f91b358b0346de0f90f88a4.tmp (deleted). Please delete the infected file soon if automatic delete setting is not enabled.
        Mon Jan 23 2017 14:07:04    
        Volume: Less than 30% of volume media's capacity is free. NETGEAR recommends that you add capacity to maintain current performance levels. Continuous protection snapshots will be deleted when volume free space is less than 5%.
        Mon Jan 23 2017 11:07:27    
        Volume: Less than 20% of volume media's capacity is free. Performance on volume media will degrade if additional capacity is consumed. NETGEAR recommends that you add capacity to avoid performance degradation.
        Sun Jan 22 2017 15:39:50    
        System: Antivirus scanner definition file was updated to 57.22929.
        Sat Jan 21 2017 15:40:51    
        System: Antivirus scanner definition file was updated to 57.22923.
        Fri Jan 20 2017 15:26:29    
        System: Antivirus scanner definition file was updated to 57.22917.

  • same here.

    Got 1000+ Virus warnings til now... readynas is still sending up to 10 mails per minute.

     

    Di Jan 24 2017 9:39:09	
    System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Swf.Exploit.CVE_2016_4178-1) in der Datei /tmp/clamav-e0916b288087f774c1b281d6a428c3c4.tmp/nocomment.html (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
    Di Jan 24 2017 9:39:03	
    System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Swf.Exploit.CVE_2016_4178-1) in der Datei /tmp/clamav-ca67c2e47e03f00044f40393a9c36399.tmp/nocomment.html (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
    Di Jan 24 2017 9:38:55	
    System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Swf.Exploit.CVE_2016_4178-1) in der Datei /tmp/clamav-861e3c93068486b3fc7dffbfe7d35ec3.tmp/nocomment.html (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
    Di Jan 24 2017 9:38:49	
    System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Swf.Exploit.CVE_2016_4178-1) in der Datei /tmp/clamav-0402e490e3f084f823cdd693f395e736.tmp/nocomment.html (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.
    Di Jan 24 2017 9:38:43	
    System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Swf.Exploit.CVE_2016_4178-1) in der Datei /tmp/clamav-7cf98f14f3fa9c44ae9b32799c7fa5e9.tmp/nocomment.html (deleted) entdeckt. Löschen Sie die Datei, die vom Virus befallen ist.

    Should I deactivate the antivirus-service?

    • the_Agent
      Guide

      I've done it immediately, there is obviously something wrong with it.

      • FramerV
        NETGEAR Employee Retired

        Hi the_Agent,

         

        I will be sending your post to our subject matter experts as an inquiry. I will let you know if we get updates.

         

         

        Regards,

  • kohdee
    NETGEAR Expert

    Try upgrading to 6.7 at the end of the week and let us know if it fixes it. We launched a hotfix for it to the systems but it requires a reboot after it applies -- that was readynasos 6.6.1+2

    • Retired_Member

      6.7 has solved the issue.

    • joel71960
      Initiate

      Any idea when the final FW will be released?  Originally when the problem came up, it was posted that the FW would be released within a matter of days.  It has been many weeks since then.

      • aalexandrebeta
        Master

        joel71960  They were saying it is a matter of one week or 10 days!!

        That's way way too long to solve that kind of issue anyway from a customer point of view. I remember McAfee screwing up one of its updates and scrapping 2 PCs of mine; they made a commercial gesture at least. I had to extract the data, reformat and reinstall the things, and it cost me 4 days in total at that time!

  • I've used ReadyNAS 212 & the AntiVirus for over a year with NO Threats AT ALL found on my mac.

    ( I'm not a gamer, I don't download music or such,  Only Facebook, Wordprocessing, & Amazon/Ebay)

    I sent my MacbookPro in for battery repair.  As far as I know they did not format.

    All my files were the same.  EVEN my bootup with a ReadyNAS shared folder in my user bootup.

    I save EVERYTHING to my ReadyNAS.  Nothing is saved to my MacBookPro.

    (even my iTunes folders are on my ReadyNAS)

    .

    Now, everyday I get this virus msg:

    Antivirus scanner found a threat (Html. Phishing.Auction-213) in the file / ReadyNAS/.timemachine/ ReadyNAS/Joe’s MacBook Pro.  sparsebundle/bands/3f77. Please delete the infected file soon.

    .

    I see for the past 2 yrs this was a problem.. I'm not sure why I'm now getting this issue SO LATE.

    My Mac software is UTD.  My Readynas firmware is UTD.

    .

    Since ReadyNAS built the virus scanner into its program.. I HAVE NO IDEA how to get to its settings

    to somehow tell it NOT to scan my Mac.

    There are instructions to download the Antivirus Plus app.. but there IS NO APP.

    • StephenB
      Guru - Experienced User

      joe_wht wrote:

      Since ReadyNAS built the virus scanner into its program.. I HAVE NO IDEA how to get to its settings

      to somehow tell it NOT to scan my Mac.

       


      Why do you think it scanned your Mac?  The virus (or possibly false alarm) was found on the NAS time machine archive.


      joe_wht wrote:

       

      There are instructions to download the Antivirus Plus app.. but there IS NO APP.


      That app was written for different AV software.  Netgear switched to ClamAV early this year, and they haven't provided a new app.

       

      About all you can do right now is turn the service off.

      • jtowntex
        Guide

        I had a longer reply but it seems to have disappeared. The short short version...

         

        1) It is not unheard of for an infection to escape detection until an update or the use of a different scanning tool. 

        2) Social media websites are excellent virus delivery methods no matter which one you use or which OS you use.

         

        Out of sheer paranoia you might try uploading the file to a site that scans using multiple tools. There is a particular page in specific that will scan files and URLs with several dozen different AV programs. I use it quite often. I hesitate to use names because I suspect that is why my post disappeared.

         

        The file can also simply be damaged. That can sometimes set off false positives as well. I have had that happen with some programs I wrote. I backed them up from a failing external disk and some of them apparently didn't make it on the first try. I just replaced the corrupted copies with functional ones and all is well.
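
A triage sketch for the alert floods quoted in this thread, added here as an example (not NETGEAR's or any poster's code): it parses the English and German alert lines and separates hits on /tmp/clamav-<hash>.tmp paths from hits on share paths such as the Time Machine band. It assumes the /tmp/clamav-*.tmp names are the scanner's own temporary files; the sample lines are abridged from the posts, with the Time Machine path whitespace-normalised.

```python
import re
from collections import Counter

# Alert lines abridged from the posts above (the Time Machine path is
# whitespace-normalised); the last line is a non-antivirus event.
SAMPLE_ALERTS = [
    "System: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /tmp/clamav-adff1f24c0bbc4e0eeb59c3dda5dffc7.tmp (deleted). Please delete the infected file soon.",
    "System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Swf.Exploit.CVE_2016_4178-1) in der Datei /tmp/clamav-e0916b288087f774c1b281d6a428c3c4.tmp/nocomment.html (deleted) entdeckt.",
    "System: Der Virenschutzscanner hat eine Gefahr ({DetectType}:Heuristics.Broken.Executable) in der Datei /tmp/clamav-507da92e7bca77dbc9ca14a88a0c4415.tmp entdeckt.",
    "Antivirus scanner found a threat (Html.Phishing.Auction-213) in the file /ReadyNAS/.timemachine/ReadyNAS/Joe's MacBook Pro.sparsebundle/bands/3f77. Please delete the infected file soon.",
    "Volume: Less than 30% of volume media's capacity is free.",
]

# One pattern per UI language seen in the thread; the German text carries an
# unexpanded "{DetectType}:" template prefix that is stripped from the name.
ALERT_PATTERNS = [
    re.compile(r"found a threat \((?P<sig>[^)]+)\) in the file "
               r"(?P<path>.+?)(?P<gone> \(deleted\))?\.(?: |$)"),
    re.compile(r"hat eine Gefahr \((?:\{DetectType\}:)?(?P<sig>[^)]+)\) "
               r"in der Datei (?P<path>.+?)(?P<gone> \(deleted\))? entdeckt"),
]
# Assumption: these paths are the scanner's own scratch files, not user data.
SCRATCH = re.compile(r"/tmp/clamav-[0-9a-f]{32}\.tmp(?:/|$)")


def parse_alert(line):
    """Return (signature, path, already_deleted) or None for other events."""
    for pattern in ALERT_PATTERNS:
        m = pattern.search(line)
        if m:
            return m["sig"], m["path"], m["gone"] is not None
    return None


def triage(lines):
    """Count scratch-file hits per signature; list hits on share paths."""
    scratch, shares = Counter(), []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        sig, path, _gone = alert
        if SCRATCH.match(path):
            scratch[sig] += 1
        else:
            shares.append((sig, path))
    return scratch, shares


if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS))
```

Hits counted in the first result point at files that never lived on a share, which is why they cannot be found or deleted there; the second list holds the paths worth checking with a second scanner.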
