Dozens of emails about new antivirus threats
Has anyone else started getting tons of email alerts in the past day about new virus threats? I haven't added any files to my NAS for months, but I'm getting several dozen about threats in the following location:
/usr/share/doc/gcc-4.9-base/test-summaries/
I don't think I can access this location via the GUI, so I'm trying to figure out if it's worth my time to get an SSH client up and running to dig into this. I also want to make sure this isn't an error and I'd be deleting legit files... I know the antivirus service hasn't been working for months, and it seems kind of coincidental that all of a sudden I've got tons of viruses.
Re: Dozens of emails about new antivirus threats
@slavrenz wrote:
/usr/share/doc/gcc-4.9-base/test-summaries/
My NAS doesn't show that folder.
root@NAS:/usr/share/doc# ls -als
total 0
0 drwxr-xr-x 1 root root 482 Apr 22 01:09 .
0 drwxr-xr-x 1 root root 768 Nov 5 2020 ..
0 drwxr-xr-x 1 root root 16 Apr 30 2019 apt
0 drwxr-xr-x 1 root root 0 Apr 30 2019 apt-transport-https
0 drwxr-xr-x 1 root root 112 Oct 11 2018 ca-certificates
0 drwxr-xr-x 1 root root 156 Apr 30 2019 clamav
0 drwxr-xr-x 1 root root 178 Apr 30 2019 clamav-base
0 drwxr-xr-x 1 root root 156 Apr 30 2019 clamav-daemon
0 drwxr-xr-x 1 root root 222 Apr 30 2019 clamav-freshclam
0 drwxr-xr-x 1 root root 94 Mar 3 07:00 dmidecode
0 drwxr-xr-x 1 root root 114 Feb 5 2017 iperf
0 drwxr-xr-x 1 root root 118 May 26 2017 iperf3
0 drwxr-xr-x 1 root root 0 Apr 30 2019 libapache2-mod-csrf
0 drwxr-xr-x 1 root root 0 Apr 30 2019 libapt-pkg5.0
0 drwxr-xr-x 1 root root 178 Apr 30 2019 libclamav7
0 drwxr-xr-x 1 root root 118 May 26 2017 libiperf0
0 drwxr-xr-x 1 root root 42 Jul 7 13:53 librnimage1
0 drwxr-xr-x 1 root root 0 Mar 24 2017 libusb-0.1-4
0 drwxr-xr-x 1 root root 56 Nov 10 2019 plexmediaserver
0 drwxr-xr-x 1 root root 24 Aug 11 2017 rdbroker
0 drwxr-xr-x 1 root root 0 Jul 2 2019 readynasos
0 drwxr-xr-x 1 root root 24 Jul 7 13:53 readysync
0 drwxr-xr-x 1 root root 42 Jul 7 2018 smbplus
0 drwxr-xr-x 1 root root 164 Jun 8 2017 traceroute
0 drwxr-xr-x 1 root root 0 Oct 24 2017 wsdd2
root@NAS:/usr/share/doc#
What firmware are you running?
Was SSH enabled before, and used to install gcc?
I expect these are false alarms, but probably worth checking with ssh, and seeing how gcc got installed in the first place.
Re: Dozens of emails about new antivirus threats
What is gcc? These aren't system files then, I take it?
I'm currently running the latest firmware - I think it's 6.10 Hotfix 1 or something like that.
I had previously SSH'd into the NAS some years back in preparation for doing some more intensive work - I wanted to try and get a Calibre server up and running - but I never went as far as actually doing anything other than establishing the SSH connection.
One other point - the same threat keeps coming up in the emails - it's called "Heuristic.XZ.DicSizeLimit". This sounds like a very generic/benign threat, where maybe it's being flagged due to an unusually large file size and nothing else. Would that be an accurate read of the situation?
Re: Dozens of emails about new antivirus threats
@slavrenz wrote:
What is gcc?
gcc is a C compiler. https://gcc.gnu.org/
What apps are installed on your NAS???
Is your NAS open to the internet (ports forwarded, etc)?
@slavrenz wrote:
What is gcc? These aren't system files then, I take it?
Note it's not installed at all on my system. But I don't think this folder normally contains any executable files.
I think the first question is to figure out what installed it.
Re: Dozens of emails about new antivirus threats
I only have Plex, SMB Plus, and Anti-Virus Plus, the latter two apps being from Netgear. Never had anything else installed.
Re: Dozens of emails about new antivirus threats
@slavrenz wrote:
I only have Plex, SMB Plus, and Anti-Virus Plus, the latter two apps being from Netgear. Never had anything else installed.
What firmware are you running? Antivirus Plus is long gone; it should have been removed when you upgraded to 6.6.1. That was when Netgear replaced the AV package with ClamAV.
Re: Dozens of emails about new antivirus threats
As I said above, I'm running the latest firmware 6.10 Hotfix 1 (or something like that). I just checked for a firmware update a few days ago.
I wasn't looking at my NAS control panel when I answered that question. Yes, it was Antivirus Plus at one time, I will have to check the current name when I'm home tonight. Is it actually called 'ClamAV' and would it show up in the apps list? I don't recall seeing this installed.
Re: Dozens of emails about new antivirus threats
@slavrenz wrote:
As I said above, I'm running the latest firmware 6.10 Hotfix 1 (or something like that). I just checked for a firmware update a few days ago.
There is no AntiVirus app anymore. It shouldn't be on your app page, because it was removed several years ago.
There still is an AntiVirus service in system->settings->services, which uses the freeware clamav software. But there are no apps to configure it.
Something installed gcc at some point on your system. It wasn't plex, and it wasn't smbplus (as they are both installed on my NAS, and it doesn't have that folder).
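
Added example, not part of any post in this thread: one way to answer the "what installed it" question over SSH, by reading dpkg's log for the package's install event and for whatever else arrived in the same dpkg run. It assumes the NAS keeps the standard Debian log format at /var/log/dpkg.log; the sample log, its versions and the package name `libexample1` are constructed.

```shell
#!/bin/sh
# Added example: trace when a Debian package was installed and what came with it.

# pkg_events LOG PKG -> "date time action new-version" for each event touching PKG
pkg_events() {
    awk -v pkg="$2" '
        $3 == "install" || $3 == "upgrade" || $3 == "remove" {
            name = $4; sub(/:.*/, "", name)      # drop the ":amd64" arch suffix
            if (name == pkg) print $1, $2, $3, $6
        }' "$1"
}

# same_run LOG PKG -> every package installed in the dpkg run that installed PKG
# (a run starts at a "startup archives" line in dpkg.log)
same_run() {
    awk -v pkg="$2" '
        function emit() { if (hit) print substr(names, 2); names = ""; hit = 0 }
        $3 == "startup" && $4 == "archives" { emit() }
        $3 == "install" {
            name = $4; sub(/:.*/, "", name)
            names = names " " name
            if (name == pkg) hit = 1
        }
        END { emit() }' "$1"
}

# Constructed sample in dpkg.log format (not taken from the NAS in this thread).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
2019-04-30 10:15:01 startup archives unpack
2019-04-30 10:15:02 install gcc-4.9-base:amd64 <none> 4.9.2-10
2019-04-30 10:15:03 install libexample1:amd64 <none> 1.0-1
2019-04-30 10:15:04 startup packages configure
2019-04-30 10:15:05 status installed gcc-4.9-base:amd64 4.9.2-10
2020-11-05 08:00:00 startup archives unpack
2020-11-05 08:00:01 install iperf3:amd64 <none> 3.1.3-1
EOF

pkg_events "$SAMPLE" gcc-4.9-base
same_run "$SAMPLE" gcc-4.9-base
```

On the device, the functions can be pointed at the real log, including rotated copies, after `zcat -f /var/log/dpkg.log* > /tmp/dpkg-all.log`. `dpkg -S /usr/share/doc/gcc-4.9-base` names the package that owns the flagged directory.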