× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: Latest AntiVirus signature update corrupt?

nickjames
Luminary

Latest AntiVirus signature update corrupt?

Good afternoon,

 

I have a customer that has a 516 and this morning, I started getting tons of emails (over 400+) in just a few short hours regarding virus's being found on the NAS. Ironically this happened 3 minutes after downloading the latest signature for the AV scanner. The potential threats are all the same virus throughout the entire ReadyNAS all on Illustrator files and PDF files, that are mostly created in house.

 

Mon Jan 16 2017 9:16:16 System: Antivirus scanner found a threat (Security-Risk:JS/Injector.A) in the file /data/removed/removed/removed.ai->OBJ014. Please delete the infected file soon if automatic delete setting is not enabled.
Mon Jan 16 2017 9:13:44 - System: Antivirus scanner definition file was updated to 201701161630.

 

They are running 6.6.0 Firmware and did not experience this issue on Friday.

 

Are their any issues today with the signature file?

 

Thank you,

 

Nick

Message 1 of 18
THEITGUY69
Tutor

Re: Latest AntiVirus signature update corrupt?

Had the same thing happen to my yesterday, middle of the morning...  several 400+ emails with the JS/Injector.A virus & my artists had issue opening illustrator files ...  

 

i am on the phone with someone trying to wrap my head around this mess ... im pissed cause i spent several hours yesterday combining through computers looking for a virus that apparently does NOT exist.  

 

Upgraded to 6.6.1 & the emails stopped

 

 

Model: RN3138|ReadyNAS 3138 Series 4- Bay
Message 2 of 18
nickjames
Luminary

Re: Latest AntiVirus signature update corrupt?

Thanks for taking the time to reply , THEITGUY69.

 

I upgraded to 6.6.1 last night and enabled Antivirus again -- we'll see what today holds when my advisors get in and start cranking out the artwork.

 

I'm concerned that no one from Netgear has spoken up about this as it seems to be a pretty big impact on both of us. I know they changed how virus scanning was done but nothing was said about the behavior that was experienced yesterday.

 

Regards,

Nick

Message 3 of 18
accelcon
Aspirant

Re: Latest AntiVirus signature update corrupt?

Hello,

 

I just wanted to chime in and say I had this issue on a ReadyNAS 104 running 6.2.5 today.  Several server backups had failed all with the same reason, the XML file was corrupt.  I tried re-running the backups and had the same result. I couldn't even log into the NAS web console, so I rebooted it and then the alert popped up that the antivirus had disovered js/injector.A in those XML files.  So, it maybe sounds like a false positive on the antivirus?  I will be upgrading the firmware today and maybe that will help.  I am also deleting and running new backups, because SOMETHING happened to those XML files...

Message 4 of 18
nickjames
Luminary

Re: Latest AntiVirus signature update corrupt?

Just another update...

 

I had problems accessing the NAS this AM via IP address, ie- 192.168.100.100. I tried to log in and disable the antivirus software and it would not let me. I rebooted as a last effort. It slowly but surely came back online. At this point I could disable the antivirus scanning and haven't had a problem since.

 

Is antivius scanning the culprit again?

 

Looking forward to a Netgear response.

 

Regards,

Nick

 

 

EDIT: and this is on their latest code 6.6.1 and latest virus signatures as of 8pm PST last night.

Message 5 of 18
seanjohnsonci
Aspirant

Re: Latest AntiVirus signature update corrupt?

We too have had this issue.

 

Can someone at NetGear please respond?

Message 6 of 18
THEITGUY69
Tutor

Re: Latest AntiVirus signature update corrupt?

i spoke with Netgear on the phone yesterday & from what the lady told me, once you update to the latest firmware, the antivirus doesnt even work!!   they've deactivated IT & from what i was told it was going to be re-released in an app ??  i made her repeat it 3 times but it made no sense...  i told her to leave my case open...  Wish someone from Netgear would chime in! 

Message 7 of 18
StephenB
Guru

Re: Latest AntiVirus signature update corrupt?

I received an email from Netgear on this on 12/30/16:

@netgear wrote:

This message is to notify you that NETGEAR is updating the anti-virus software in ReadyNAS storage systems. The new anti-virus software is integrated in ReadyNAS OS 6.6.1 and will be released on January 3, 2017.

Your system might experience a short disruption of virus database updates, from January 1, 2017, to January 3, 2017. Your log file will indicate a failure in updating the virus database during that time.

If you have questions, contact readynassupport@netgear.com.

Best regards,

The NETGEAR Team


 

It sounds like they've replaced the AV package - AV still appears as a setting in system->settings on my 6.6.1 systems. But the old AV-plus app no longer works (and is not on my available app list).

 

AV is turned off on my systems, as I don't see the point of running it on both the NAS and the PCs.

Message 8 of 18
nickjames
Luminary

Re: Latest AntiVirus signature update corrupt?

According to that email, it says nothing about service being interrupted on Monday 1/16 as some of us have experienced. My device downloaded a signature update and 3 minutes after doing so, is when all the issues occurred (this was on 6.6.0)

 

Additionally, I've upgraded to 6.6.1 and the virus scanning in general was not working well so I had to disable it. Since doing so, the NAS has been fine.

 

Having multiple layers of virus scanning is an added layer of security. I have it on my firewall, NAS and client workstations. Having more that one scanner on an appliance or workstation is where you run into issues, in my opinion.

Message 9 of 18
StephenB
Guru

Re: Latest AntiVirus signature update corrupt?


@nickjames wrote:

According to that email, it says nothing about service being interrupted on Monday 1/16 as some of us have experienced.

Understood.   And 6.6.1 was released one day later than they said.

 

While Netgear also didn't say anything about definition updates from the old AV provider, my guess is that the contract for that lapsed - and that after a short period, those updates stopped working. Hopefully Netgear will clarify that (either way) here.


@nickjames wrote:

 

 Having multiple layers of virus scanning is an added layer of security...

I understand that point of view, and I didn't mean to imply that you should change your practice.  I made that comment only so you all would understand that the AV service is off on my machines - so I can't confirm whether the updates are failing or not.

Message 10 of 18
nickjames
Luminary

Re: Latest AntiVirus signature update corrupt?


@StephenB wrote:

Understood.   And 6.6.1 was released one day later than they said.

While Netgear also didn't say anything about definition updates from the old AV provider, my guess is that the contract for that lapsed - and that after a short period, those updates stopped working. Hopefully Netgear will clarify that (either way) here.

This makes perfect sense. It would have been nice to disclose that bluntly in the email though stating "If this is turned on it, your NAS is not going to operate right."


@StephenB wrote:

I understand that point of view, and I didn't mean to imply that you should change your practice.  I made that comment only so you all would understand that the AV service is off on my machines - so I can't confirm whether the updates are failing or not.


Ah I see what you are saying now; I took it the wrong way but thanks for clarifying.

 

And the wait continues for Netgear to at least be kind and follow up with us. I have end users asking "What happened Monday?!" still...

 

Regards,

Nick

Message 11 of 18
StephenB
Guru

Re: Latest AntiVirus signature update corrupt?

There was an issue in 6.6.1 with AV definition updates with the new provider.  Netgear pushed an automatic patch to fix it - you can reboot the NAS to install that now.

Message 12 of 18
Retired_Member
Not applicable

Re: Latest AntiVirus signature update corrupt?


@THEITGUY69 wrote:

i spoke with Netgear on the phone yesterday & from what the lady told me, once you update to the latest firmware, the antivirus doesnt even work!!   they've deactivated IT & from what i was told it was going to be re-released in an app ??  i made her repeat it 3 times but it made no sense...  i told her to leave my case open...  Wish someone from Netgear would chime in! 


Can you PM the case number to me please?

Message 13 of 18
nickjames
Luminary

Re: Latest AntiVirus signature update corrupt?


@HyacintheJ wrote:

@THEITGUY69 wrote:

i spoke with Netgear on the phone yesterday & from what the lady told me, once you update to the latest firmware, the antivirus doesnt even work!!   they've deactivated IT & from what i was told it was going to be re-released in an app ??  i made her repeat it 3 times but it made no sense...  i told her to leave my case open...  Wish someone from Netgear would chime in! 


Can you PM the case number to me please?


Hi,

 

Can you help answer some of the questions in this thread?

I'm currently not using virus scanning because its unreliable.

 

Please follow up with your users

 

Regards,

Nick

Message 14 of 18
Retired_Member
Not applicable

Re: Latest AntiVirus signature update corrupt?

Hi nickjames,

 

If I had information, I would share it here. Unfortunately I don't.

I work for NETGEAR, but I don't work on the community. The only help I can provide right now is looking at THEITGUY69's case.

Hopefully someone with more info will update the thread.

Message 15 of 18
nickjames
Luminary

Re: Latest AntiVirus signature update corrupt?

Has there been any update to this, from Netgear by chance?

Message 16 of 18
THEITGUY69
Tutor

Re: Latest AntiVirus signature update corrupt?

These NAS devices are proving to be a real pain in the butt !!!   I have to deactivate the ANTI-VIRUS completely or you cant even access the files on the device...  

 

OK, so baiscally, ONCE AGAIN !!   the antivirus software on the NAS... the reason these FRIKIN things doesnt work

 

lovely!! 

Message 17 of 18
StephenB
Guru

Re: Latest AntiVirus signature update corrupt?

Message 18 of 18
Top Contributors
Discussion stats
  • 17 replies
  • 3921 views
  • 1 kudo
  • 6 in conversation
Announcements