Page 1 of 1
Antivirus on TS-669L not picking up viruses
Posted: Sun Aug 02, 2020 12:15 am
by Budgie
I am getting reports from my firewall that Botnet/command-and-control traffic is being detected on both of my Qnap NAS devices.
Why is this not being detected and removed by the installed antivirus app please?
Re: Antivirus on TS-669L not picking up viruses
Posted: Sun Aug 02, 2020 12:48 am
by P3R
Budgie wrote: ↑Sun Aug 02, 2020 12:15 am
I am getting reports from my firewall that Botnet/command-and-control traffic is being detected on both of my Qnap NAS devices.
Why is this not being detected and removed by the installed antivirus app please?
There are three possible explanations.
- The Qnap doesn't have any malware on it and it's a false-positive report from your firewall.
- The antivirus app you have installed doesn't look for malware in the system itself, only malware in the stored user files (ClamAV).
- The antivirus app you have installed doesn't have a signature for the malware you have.
So what antivirus app are you using? (ClamAV or McAfee)?
Are you also running the Qnap app called Malware Remover?
Re: Antivirus on TS-669L not picking up viruses
Posted: Sun Aug 02, 2020 1:15 am
by Budgie
Hi and many thanks for the instant reply.
I am using the application which was installed by Qnap from the outset which is called "Antivirus."
Opening this points to Clanav.net so I assume that is what is installed.
I have not installed Malware Remover previously but have now done so and run it.
Nothing to report that I can see but I may have missed it.
Re: Antivirus on TS-669L not picking up viruses
Posted: Sun Aug 02, 2020 1:30 am
by P3R
Budgie wrote: ↑Sun Aug 02, 2020 1:15 am
Opening this points to Clanav.net so I assume that is what is installed.
Yes, that's the default. Then it's at least the second alternative. ClamAV don't search the Qnap itself for malware, only stored user files.
I have not installed Malware Remover previously but have now done so and run it.
Nothing to report that I can see but I may have missed it.
I don't know if the reporting have improved or if Malware Remover is still a black box not revealing anything.
If you have (or have previously had) any port forwarding (manual or UPnP) through your firewall from the internet to your Qnaps, then it's very possible that they are infected. I recommend that you isolate the Qnaps to your internal network only. Or if remote access is absolutely necessary then I recommend that you implement a remote access solution, preferably on your internet firewall/router.
Please
contact Qnap support to get help with verifying your Qnaps are free from malware.