gbeddow
Luminary

Antivirus false positives

Hi,

 

ReadyNAS Antivirus is flagging a couple of files in the current version of WordPress, zxcvbn-async.min.js and wp-fullscreen-stub.min.js, but there doesn't appear to be anything wrong with them according to virustotal.com, and I'm getting multiple emails for each file every day.

 

I've tried editing /opt/ctch/etc/ctscand.conf to exclude these 2 files from scanning, but shortly thereafter the config file just gets reverted and the flagging continues unabated. Only workaround seems to be to turn Antivirus off completely.

 

Is there a way to submit files as false positives?  Any other ideas out there?

 

Thanks,

Greg

 

Message 1 of 20
mdgm-ntgr
NETGEAR Employee Retired

Re: Antivirus false positives

Have you tried using the NETGEAR Anti-Virus Plus app?

Message 2 of 20
gbeddow
Luminary

Re: Antivirus false positives

Yes, I've tried the Antivirus Plus app many times. It's currently set to "Report and Block", with no options for whitelisting any files. Am I missing something there?

Message 3 of 20
JennC
NETGEAR Employee Retired

Re: Antivirus false positives

Hello gbeddow,

 

Are these the only JavaScript files you have stored on the NAS, or are there other JS files that are not getting flagged? What's the current FW version of your NAS?

 

The AntiVirus and AntiVirus Plus do not have an option to whitelist files, but maybe you can request this feature on the Idea Exchange board.

 

 Regards,

Message 4 of 20
gbeddow
Luminary

Re: Antivirus false positives

I'll look into the feature request idea, thanks.

 

Firmware is the latest 6.5.2, although it started happening a couple days before upgrading when it was running 6.5.1.

 

Lots of other JS files on the server, these are the only 2 that get flagged. virustotal.com thinks they're ok, and they're identical to the official WordPress repository versions.

 

Isn't there a channel through Netgear back to the Antivirus vendor - or directly to the vendor - so that future AV updates fix this type of thing for everyone?

 

Message 5 of 20
JennC
NETGEAR Employee Retired

Re: Antivirus false positives

Hello gbeddow,

 

Have you tried checking these files with another Anti Virus software?

 

From what I read, ReadyNAS has integrated Commtouch AntiVirus. I think this built-in AntiVirus is intended to just detect but take no action.

 

Regards,

Message 6 of 20
gbeddow
Luminary

Re: Antivirus false positives

The nice thing about virustotal.com is it runs the uploaded file thru more than 50 different virus checkers.

 

I have ReadyNAS Antivirus configured in its least restrictive "Report and Block" mode, which both reports (via email) and blocks access to the file - even trying to read the file is completely blocked until you turn off Antivirus.

Message 7 of 20
JennC
NETGEAR Employee Retired

Re: Antivirus false positives

Hello gbeddow,

 

I understand. What's the model number of your NAS again? Maybe you can check this with the support team?

 

Regards,

Message 8 of 20
gbeddow
Luminary

Re: Antivirus false positives

RN202.

Message 9 of 20
JennC
NETGEAR Employee Retired

Re: Antivirus false positives

Hello gbeddow,

 

Try contacting the support team to have them check the file if that is something that really needs to be flagged.

 

Regards,

Message 10 of 20
gbeddow
Luminary

Re: Antivirus false positives

Tech support on the unit expired back in March, so the link you supplied directed here, to the Forum. Infinite loop. 😞

Message 11 of 20
JennC
NETGEAR Employee Retired

Re: Antivirus false positives

Hello gbeddow,

 

Oh, will it be okay for us to have a copy of the file?

 

Regards,

Message 12 of 20
gbeddow
Luminary
JennC
NETGEAR Employee Retired

Re: Antivirus false positives

Hello gbeddow,

 

Thanks but how do I download this? I'm just trying to copy it and test on our own NAS.

 

Regards,

Message 14 of 20
gbeddow
Luminary

Re: Antivirus false positives

As usual there are lots of ways. You could copy the contents of each file from the links above, then save locally. Another way is to back up one level in GitHub and click the download button.

 

https://github.com/WordPress/WordPress

 

then unzip the file and locate the 2 files in the resulting directory hierarchy here:

 

WordPress/wp-admin/js/wp-fullscreen-stub.min.js
WordPress/wp-includes/js/zxcvbn-async.min.js

 

Message 15 of 20
JennC
NETGEAR Employee Retired

Re: Antivirus false positives

Hello gbeddow,

 

How do you copy them over? I used the web browser and files but did not get the same problem. By the way, I copied to notepad and saved as .js file.

 

Regards,

Message 16 of 20
gbeddow
Luminary

Re: Antivirus false positives

Hi JennC,

 

It's not clear to me what's happening for you. Can you describe the steps you're taking in more detail?

 

Thanks,

Greg

Message 17 of 20
OOM-9
NETGEAR Expert

Re: Antivirus false positives

I am seeing the issue with the following file:

    WordPress/wp-admin/js/wp-fullscreen-stub.min.js

I will forward this file information through our channels.

 

I am not seeing the issue with this file:

    WordPress/wp-includes/js/zxcvbn-async.min.js

Message 18 of 20
B_L
NETGEAR Expert

Re: Antivirus false positives

Thank you for reporting this issue. It was fixed in the AV definition update. Please make sure your AV definition file is up-to-date. The version should be 201609281626 or later.

 

You can install the Anti-Virus Plus app and click the "Check Update" button to update the definition file.

There is a known bug that the "Definition File" is empty in Anti-Virus Plus app 2.0.4. It will be fixed in the next release 2.0.5. 

Message 19 of 20
gbeddow
Luminary

Re: Antivirus false positives

B_L,

 

Thanks. I turned Antivirus back on a few hours ago and, so far, it hasn't flagged these 2 files - or any other files. Keeping my fingers crossed...

 

Message 20 of 20