- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-killall
And I see no way of configuring the AV scanner on the admin pages
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
Odd that it would take issue with a core dump.
If there is a problem with a file you can manually deal with it. Though that file is not on the data volume.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
Hi,
If you have the last FW 6.6.1, and you can't see your antivirus...it's normal..it's an issue or bug. I have also this problem 😞 my antivirus is hidden somewhere since the last FW.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
@gyves1 wrote:
If you have the last FW 6.6.1, and you can't see your antivirus...it's normal..it's an issue or bug. I have also this problem 😞 my antivirus is hidden somewhere since the last FW.
AV itself should appear on system->settings->services. There is no app to control the advanced settings though.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
@StephenB wrote:
@gyves1 wrote:If you have the last FW 6.6.1, and you can't see your antivirus...it's normal..it's an issue or bug. I have also this problem 😞 my antivirus is hidden somewhere since the last FW.
AV itself should appear on system->settings->services. There is no app to control the advanced settings though.
Strange!
I now received a mail stating there is not enough space left on the drive , but web admin says there is at least 90 % left ...
Switched scanner off and wait for update .... This does not appear to be reliable at all.....
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
@0d0a wrote:
I now received a mail stating there is not enough space left on the drive , but web admin says there is at least 90 % left ...
Switched scanner off and wait for update .... This does not appear to be reliable at all.....
Others here have seen similar messages. Netgear did push a patch for AV, but I think that was for definition updates, not this. It will eventually be applied to your NAS, but you can apply it now by rebooting.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
there is an option in ClamAV to ignore these, traditionally you would go to /etc/default/config/etc/clamav/clamd.conf and /etc/clamav/clamd.conf
and change the line: -
DetectBrokenExecutables true
to false.
However, it seems the recent versions of RNOS activly replace these files even when you go in and change them maniually over ssh, probably why the AV+ app was pulled from the little app store because it doesn't work anymore, which is very frustrating, because it picks up a lot of Linux system files from backups I have running...
eg.
System: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /data/TranscendUSB/backup2701/usr/lib/libgcj_bc.so.1.0.0. Please delete the infected file soon.
A Way to make the change stick would be really handy.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
Temprary Fix!
So i was digging around inside the NAS via SSH, and I cannot find where it is getting the default config file, my guess is that something somewhere deep in frontview or readynasd is replacing it. So I engineerd a bit of a hacky (and dirty) workaround.
The problem:
/etc/clamav/clamd.conf is getting replaced by something within readynasOS, as such any sibsiquent changes you make to this file is overwritten almost immediatly.
changing this file to become immutable (chattr +i) will result in Frontview throwing up an error.
However
/etc/default/config/etc/clamav/clamd.conf seems to remain untouched. So it is safe to make your changes in here, though they will not be parsed directly by clamd when it is called.
The dirty fix:
clamd is located under /use/sbin and to sort of fix this problem of the config file being overwritten, i've moved clamd to clamd-bin, and created a shell script in its place to copy over the user preferences every time clamd is called, then execute clamd-bin with the given arguments.
so now under /usr/sbin I have 2 files
clamd-bin (the actual binary)
clamd (the hacky shell script)
To do this for yourself, and if you are comfortable mucking around in the guts of your ReadyNAS, simply do the following: -
Enable SSH via frontview and log in using the user root and your admin password.
the commands are as follows:-
Change directory to /usr/sbin
cd /usr/sbin
Rename the clamd binary
mv clamd clamd-bin
create our standin clamd file (hint, if you prefer nano as opposed to vi/vim you can install it with apt-get install nano)
nano clamd
- or -
vi clamd
and paste the following:-
#!/bin/sh #overwrite conf with user settings cp /etc/default/config/etc/clamav/clamd.conf /etc/clamav/clamd.conf #run clamd-bin with args /usr/sbin/clamd-bin $1 $2 $3 $4 $5
Save and close
then mark both files as executable
chmod +x clamd clamd-bin
Note, I provided the script with probably way more arg variables ($1 $2 etc) than is probably ever used, but to be on the safe side, it does not hurt to have undefined ones. This script will basically aggresivly overwrite the parsed config file anytime clamd is called, it's not ideal, but for now seems the only way to make changes to the defaults in a more persistent manner.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
Is Netgear working on a solution for this? I also get messages stating Heuristics.Broken.Executable found on files which I very much doubt that they have an issue.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
This is still a problem. The antivirus is worthless with all the false positives that I get. This needs to be a greater priority for Netgear.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Antivirus scanner found a threat (Heuristics.Broken.Executable) in the file /var/cores/core-kill
I adopt the ronlaws86 method and it works perfectly.
It's deplorable to change an antivirus in a new version (if we consider it's new after long months) and not include an app or a doc to manage it.
Thanks ronlaws86 😉