NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
readynas antivirus
Hi,
i couldn't find my model so it is actually a readynas 202. we have recently turned on the AV and recieved the following email:
Antivirus scanner found a threat ( Heuristic.XZ.DicSizeLimit) in the file /var/backups/md/raid_config_data-0_2019_03_05_195828.tar.xz. Please delete the infected file soon.
There are also a couple more emails with a similar path. however, i am unable to access that location. any advise?
Thanks
I took the liberty of fixing your model number field (not sure why you couldn't find it).
Coffin_Jim wrote:
Antivirus scanner found a threat ( Heuristic.XZ.DicSizeLimit) in the file /var/backups/md/raid_config_data-0_2019_03_05_195828.tar.xz. Please delete the infected file soon.
There are also a couple more emails with a similar path. however, i am unable to access that location. any advise?
This is on the OS partition - so you need to enable ssh, and access it with the Linux command line.
Once SSH is enabled in the web ui, you could also use WinSCP to browse to /var/backups - which will be easier if you don't have any linux skills. You'd select "SCP" as the protocol (port 22). the user name is root, the password is the NAS admin password. Then click on login. You'll initially see an empty pane, but if you go up a level you will see the OS folders (starting with apps, ending with var).
These particular alerts are almost certainly false positives, so instead of deleting the files you might want to report them to ClamAV.
Of course if you aren't downloading files directly to the NAS, you could also just turn AV off again.
2 Replies
Replies have been turned off for this discussion
I took the liberty of fixing your model number field (not sure why you couldn't find it).
Coffin_Jim wrote:
Antivirus scanner found a threat ( Heuristic.XZ.DicSizeLimit) in the file /var/backups/md/raid_config_data-0_2019_03_05_195828.tar.xz. Please delete the infected file soon.
There are also a couple more emails with a similar path. however, i am unable to access that location. any advise?
This is on the OS partition - so you need to enable ssh, and access it with the Linux command line.
Once SSH is enabled in the web ui, you could also use WinSCP to browse to /var/backups - which will be easier if you don't have any linux skills. You'd select "SCP" as the protocol (port 22). the user name is root, the password is the NAS admin password. Then click on login. You'll initially see an empty pane, but if you go up a level you will see the OS folders (starting with apps, ending with var).
These particular alerts are almost certainly false positives, so instead of deleting the files you might want to report them to ClamAV.
Of course if you aren't downloading files directly to the NAS, you could also just turn AV off again.
Hi Stephen,
if you believe they are false positives then i will assume you are correct and leave it well alone. I would rather avoid using SSH if i have to for fear of accidently breaking it.
Thanks for your help
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
