RN204 - anti virus finding multiple infected files

Paul-D
Aspirant

Hi

I have an RN204 with 4x2TB disks in RAID 5, OS 6.10.10. Virus definitions are being updated daily and "protect ReadyNAS OS" is enabled. (Data has been backed up and verified clean.)

I am getting notifications that there are infected files in /Job_011/..... etc. This folder is not a share; it is at root level with various folders below it. I'm not sure how it got there, but it is a backup of a PC. All the reported infected files are below that folder. I have been able to SSH onto the NAS and manually delete the files. However, the next day I get another bunch of files showing as infected. It is as if a virus is in the OS and dropping new viruses into files. All PCs on the network have scanned clean.

Is there any way to verify whether this is the case, and what is the best route to permanently remove the viruses?

Some of the viruses identified:

Heuristics.Phishing.Email.SpoofedDomain, Win.Virus.Expiro-9820436-0, Win.Trojan.Swrort-5735, Win.Virus.Xpaj-8020951-0, Win.Virus.Xpaj-8020845-0, Java.Malware.CVE_2021_44228-9915819-0

Win.Trojan.Virtob-2371, Win.Trojan.Ramnit-6071, Win.Trojan.Ramnit-5657

There have been many more identified before I deleted the files. The infection rate seems to be increasing. If I do a factory reset, would that definitely ensure that any virus would be removed?

Any help welcomed.

Thanks

Sandshark
Sensei

Re: RN204 - anti virus finding multiple infected files

That directory certainly shouldn't be there. I can only guess that it was created by an app, so what apps are you running?

Have you verified it really is at root level, not that the root level entry is just a pointer to elsewhere (not that I think the pointer should be there, either)?

I've heard of instances where backup files intended for a USB drive get put in the OS partition instead because of an issue mounting the USB drive, but they usually end up in /mnt.

I've heard of the ReadyNAS virus protection having a few false alarms, but that seems like a lot to all be false alarms.

Do you still have ReadyCloud active? Maybe they are getting there through that, though that would seem to indicate they really are on a PC somewhere as well. If you are running some kind of "active sync" on a PC, perhaps they are getting on the NAS before your PC antivirus can eliminate them. But that would mean you are doing something that puts you at risk for a lot of viruses.

A factory default would take care of the viruses. But until you figure out how they are getting there, I'm not sure they won't just be put back using the same mechanism.

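Sandshark's two questions above, whether /Job_011 is really a directory on the root of the OS volume or just a pointer to somewhere else, and what is being written there between one day's scan and the next, can both be answered from the SSH session the original poster already has. The helper below is an added example written for this thread, not code from the post, from Sandshark, or from NETGEAR. It assumes GNU coreutils and findutils (`stat -c`, `readlink -f`, `find -printf`), which the Debian-based ReadyNAS OS 6 provides, and uses /Job_011 from the thread only as an illustrative target.

```shell
#!/bin/sh
# Added triage helper for the thread above (not from the post or NETGEAR).
# Tells you whether a suspicious top-level path such as /Job_011 is a real
# directory on the OS volume, a symlink pointing somewhere else, or a separate
# mount, and lists what was written under it recently so new drops can be
# matched against the antivirus notifications.
# Assumes GNU coreutils/findutils (stat -c, find -printf, readlink -f),
# which ReadyNAS OS 6 (Debian-based) provides.

# classify_path PATH
# Prints one of: missing | symlink:<resolved target> | mountpoint | directory | file
classify_path() {
    p=$1
    if [ -L "$p" ]; then
        # Resolve the link so you know where the data really lives.
        printf 'symlink:%s\n' "$(readlink -f "$p")"
    elif [ ! -e "$p" ]; then
        echo missing
    elif [ -d "$p" ]; then
        # A directory whose device ID differs from its parent's is a mount
        # point (a data volume or USB disk mounted over it), not files stored
        # on the OS partition itself.
        if [ "$(stat -c %d "$p")" != "$(stat -c %d "$(dirname "$p")")" ]; then
            echo mountpoint
        else
            echo directory
        fi
    else
        echo file
    fi
}

# recent_files DIR MINUTES
# Lists regular files under DIR modified within the last MINUTES, with
# timestamp and owning user, oldest first. -xdev keeps find on one
# filesystem so a symlinked or mounted share is not walked by accident.
recent_files() {
    find "$1" -xdev -type f -mmin "-$2" -printf '%TY-%Tm-%Td %TH:%TM %u %p\n' | sort
}

# count_recent DIR MINUTES -> number of such files (handy for a daily cron check)
count_recent() {
    recent_files "$1" "$2" | wc -l | tr -d ' '
}

# Typical use on the NAS right after a notification arrives:
#   classify_path /Job_011
#   recent_files /Job_011 1440     # everything written in the last 24 hours
```

If `classify_path` reports `symlink:` or `mountpoint`, the files are not on the OS partition at all and the real location is what needs cleaning. If it reports `directory`, the owning user and write times that `recent_files` prints for the new drops are the clue to the mechanism: files owned by an SMB user point at a PC with a mapped share, files owned by a service account point at a NAS-side job or app, and a nightly cluster of timestamps points at a scheduled backup.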
Paul-D
Aspirant

Re: RN204 - anti virus finding multiple infected files

Hi Sandshark

Thanks for your reply. Sorry for the big gap in time to respond to you.

I carried out a factory reset (Wednesday) and for a couple of days there were no reported viruses. I gradually copied data back to some of the shares (not the one in the root folder). Yesterday I had a notification of viruses in some .eml files; today an additional virus and trojan, the same as before. The infection seems to follow a similar pattern: .eml first, then moving on to dropping viruses etc. into .dll and .exe files. These latest infections are on a shared folder, so I scanned it using AVG from my laptop. No malware was identified.

As you say, the issue is seeing how the infections are getting onto the NAS, as all of the connected devices are running AVG. After the factory reset I imported the configuration file I had previously saved. This had been scanned and reported as clear. To date there have been no infections reported on the NAS I use for backup (RN214).

Today I have removed the FTP and ReadyDLNA services. Could these have been the route in?

Further information: the infection is turning off the antivirus service, which I keep turning back on. I have just tried to download a custom configuration file and this was declined as insecure by the browser; I am now using AVG Secure Browser.

I have raised a query with AVG and am awaiting a response.

I am now considering another factory reset, not importing a configuration and setting up the shares, users etc. from scratch. Do you think this is a sensible route?

Thanks for the help

Sandshark
Sensei

Re: RN204 - anti virus finding multiple infected files

No, I do not think that's going to solve your problem. There is no way I can see for a configuration file to be a mechanism that gets viruses into your NAS. You have some active process, most likely not on the NAS itself, but which has access to the NAS, which is allowing viruses to propagate to the NAS. And until you find what that is and eliminate it, you're going to have the problem return no matter what you do.

I would start by not mapping the NAS on all of the machines,
