
Dozens of emails about new antivirus threats

slavrenz
Aspirant

Has anyone else started getting tons of email alerts in the past day about new virus threats? I haven't added any files to my NAS for months, but I'm getting several dozen about threats in the following location:

 

/usr/share/doc/gcc-4.9-base/test-summaries/

 

I don't think I can access this location via the GUI, so I'm trying to figure out if it's worth my time to get an SSH client up and running to dig into this. I also want to make sure this isn't an error and I'd be deleting legit files... I know the antivirus service hasn't been working for months, and it seems kind of coincidental that all of a sudden I've got tons of viruses.

Model: RN212|2 BAY Desktop ReadyNAS Storage
Message 1 of 8
StephenB
Guru

Re: Dozens of emails about new antivirus threats


@slavrenz wrote:

/usr/share/doc/gcc-4.9-base/test-summaries/

 


My NAS doesn't show that folder.

root@NAS:/usr/share/doc# ls -als
total 0
0 drwxr-xr-x 1 root root 482 Apr 22 01:09 .
0 drwxr-xr-x 1 root root 768 Nov  5  2020 ..
0 drwxr-xr-x 1 root root  16 Apr 30  2019 apt
0 drwxr-xr-x 1 root root   0 Apr 30  2019 apt-transport-https
0 drwxr-xr-x 1 root root 112 Oct 11  2018 ca-certificates
0 drwxr-xr-x 1 root root 156 Apr 30  2019 clamav
0 drwxr-xr-x 1 root root 178 Apr 30  2019 clamav-base
0 drwxr-xr-x 1 root root 156 Apr 30  2019 clamav-daemon
0 drwxr-xr-x 1 root root 222 Apr 30  2019 clamav-freshclam
0 drwxr-xr-x 1 root root  94 Mar  3 07:00 dmidecode
0 drwxr-xr-x 1 root root 114 Feb  5  2017 iperf
0 drwxr-xr-x 1 root root 118 May 26  2017 iperf3
0 drwxr-xr-x 1 root root   0 Apr 30  2019 libapache2-mod-csrf
0 drwxr-xr-x 1 root root   0 Apr 30  2019 libapt-pkg5.0
0 drwxr-xr-x 1 root root 178 Apr 30  2019 libclamav7
0 drwxr-xr-x 1 root root 118 May 26  2017 libiperf0
0 drwxr-xr-x 1 root root  42 Jul  7 13:53 librnimage1
0 drwxr-xr-x 1 root root   0 Mar 24  2017 libusb-0.1-4
0 drwxr-xr-x 1 root root  56 Nov 10  2019 plexmediaserver
0 drwxr-xr-x 1 root root  24 Aug 11  2017 rdbroker
0 drwxr-xr-x 1 root root   0 Jul  2  2019 readynasos
0 drwxr-xr-x 1 root root  24 Jul  7 13:53 readysync
0 drwxr-xr-x 1 root root  42 Jul  7  2018 smbplus
0 drwxr-xr-x 1 root root 164 Jun  8  2017 traceroute
0 drwxr-xr-x 1 root root   0 Oct 24  2017 wsdd2
root@NAS:/usr/share/doc#

What firmware are you running?

Was SSH enabled before, and used to install gcc?

 

I expect these are false alarms, but probably worth checking with ssh, and seeing how gcc got installed in the first place.

 

 

 

Message 2 of 8
slavrenz
Aspirant

Re: Dozens of emails about new antivirus threats

What is gcc? These aren't system files then, I take it?

 

I'm currently running the latest firmware - I think it's 6.10 Hotfix 1 or something like that.

 

I had previously SSH'd into the NAS some years back in preparation for doing some more intensive work - I wanted to try and get a Calibre server up and running - but I never went as far as actually doing anything other than establishing the SSH connection.

 

One other point - the same threat keeps coming up in the emails - it's called "Heuristic.XZ.DicSizeLimit". This sounds like a very generic/benign threat, where maybe it's being flagged due to an unusually large file size and nothing else. Would that be an accurate read of the situation?

Message 3 of 8
StephenB
Guru

Re: Dozens of emails about new antivirus threats


@slavrenz wrote:

What is gcc? 

 


gcc is a C compiler. https://gcc.gnu.org/

 

What apps are installed on your NAS???

Is your NAS open to the internet (ports forwarded, etc)?

 


@slavrenz wrote:

What is gcc? These aren't system files then, I take it?

 


Note it's not installed at all on my system.  But I don't think this folder normally contains any executable files. 

 

I think the first question is to figure out what installed it.  

Message 4 of 8
slavrenz
Aspirant

Re: Dozens of emails about new antivirus threats

I only have Plex, SMB Plus, and Anti-Virus Plus, the latter two apps being from Netgear. Never had anything else installed.

Message 5 of 8
StephenB
Guru

Re: Dozens of emails about new antivirus threats


@slavrenz wrote:

I only have Plex, SMB Plus, and Anti-Virus Plus, the latter two apps being from Netgear. Never had anything else installed.


What firmware are you running? Antivirus Plus is long gone; it should have been removed when you upgraded to 6.6.1. That was when Netgear replaced the AV package with ClamAV.

Message 6 of 8
slavrenz
Aspirant

Re: Dozens of emails about new antivirus threats

As I said above, I'm running the latest firmware 6.10 Hotfix 1 (or something like that). I just checked for a firmware update a few days ago.

 

I wasn't looking at my NAS control panel when I answered that question. Yes, it was Antivirus Plus at one time, I will have to check the current name when I'm home tonight. Is it actually called 'ClamAV' and would it show up in the apps list? I don't recall seeing this installed.

Message 7 of 8
StephenB
Guru

Re: Dozens of emails about new antivirus threats


@slavrenz wrote:

As I said above, I'm running the latest firmware 6.10 Hotfix 1 (or something like that). I just checked for a firmware update a few days ago.

 


There is no AntiVirus app anymore.  It shouldn't be on your app page, because it was removed several years ago.

 

There still is an AntiVirus service in system->settings->services, which uses the freeware clamav software.  But there are no apps to configure it.

 

Something installed gcc at some point on your system.  It wasn't plex, and it wasn't smbplus (as they are both installed on my NAS, and it doesn't have that folder).

Message 8 of 8
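The thread leaves open what installed gcc. The following is an added example, not code from either poster or from Netgear, showing one way to answer that over SSH by reading the dpkg log. It assumes the NAS keeps a standard Debian `/var/log/dpkg.log` and that the package is named `gcc-4.9-base` after the doc folder; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes dpkg's standard log line format:
#   DATE TIME ACTION PACKAGE:ARCH OLD-VERSION NEW-VERSION

# Print "DATE TIME ACTION NEW-VERSION" for every install/upgrade of
# package $1 recorded in log file $2.
install_events() {
    awk -v pkg="$1" '
        $3 == "install" || $3 == "upgrade" {
            name = $4
            sub(/:.*/, "", name)      # drop the ":armhf" architecture suffix
            if (name == pkg) print $1, $2, $3, $6
        }' "$2"
}

# List the other packages installed on the same day as the first install
# of $1; the run that pulled it in usually shows its requester here.
installed_alongside() {
    day=$(install_events "$1" "$2" | awk 'NR == 1 { print $1 }')
    [ -n "$day" ] || return 1         # package never appears in this log
    awk -v pkg="$1" -v day="$day" '
        $1 == day && $3 == "install" {
            name = $4
            sub(/:.*/, "", name)
            if (name != pkg) print name
        }' "$2" | sort -u
}

# Constructed sample log: dates, versions and package mix are made up.
sample_dpkg_log() {
    cat <<'EOF'
2019-04-30 02:11:07 upgrade clamav-base:all 0.0.1-sample 0.0.2-sample
2020-11-05 21:40:12 install gcc-4.9-base:armhf <none> 0.0.0-sample
2020-11-05 21:40:12 status half-installed gcc-4.9-base:armhf 0.0.0-sample
2020-11-05 21:40:13 install example-app:armhf <none> 1.0-sample
2020-11-05 21:40:15 status installed gcc-4.9-base:armhf 0.0.0-sample
EOF
}

# On the NAS itself (as root over SSH) the equivalent checks would be:
#   dpkg -S /usr/share/doc/gcc-4.9-base   # which package owns the folder
#   install_events gcc-4.9-base /var/log/dpkg.log
```

If the package does not appear in the current log, the rotated copies (`dpkg.log.1` and compressed older ones) are the next place to look; an install that predates all retained logs will not show up at all.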