Malware Remover - detailed information on the scanning result

Tell us your most wanted features from QNAP products.
docentt
New here
Posts: 5
Joined: Fri Feb 24, 2017 7:16 am

Malware Remover - detailed information on the scanning result

Postby docentt » Tue Aug 08, 2017 10:41 pm

Any detailed information on the result of the Malware Remover scanning process would be very, very helpful.
At the moment, if a malware is detected remover ends with the following entry in the log: "[MalwareRemover] Scan completed and malware deleted."
There is no information what kind of malware, in which location it has been found etc.

I got information about the infection every day for more than a few weeks in a row and I am not able to track the source of the problem!
I don't know whether this is Malware Remover false positive error or there is some user who infects my qnap every day.

Regards
Tomasz

dolbyman
Ask me anything
Posts: 6545
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware Remover - detailed information on the scanning result

Postby dolbyman » Tue Aug 08, 2017 10:43 pm

qnap does not want to show it..they obfuscate it on purpose..one member tried to find out and was censored by qnap (the member left as a consequence)

so don't hold your breath for more transparency from qnap

docentt
New here
Posts: 5
Joined: Fri Feb 24, 2017 7:16 am

Re: Malware Remover - detailed information on the scanning result

Postby docentt » Wed Aug 30, 2017 10:30 pm

Any news concerning the feature?

Recently, my QNAP runs Malware Remover randomly resulting in multiple communicates e.g. in 1 minute period it can generate 5 messages:

Code: Select all

Type   Date   Time   Users   Source IP   Computer name   Content   
Information   2017/08/30   10:30:52   System   127.0.0.1   localhost   [MalwareRemover] Scan completed.   
Information   2017/08/30   10:30:50   System   127.0.0.1   localhost   [MalwareRemover] Scan completed.   
Information   2017/08/30   10:30:09   System   127.0.0.1   localhost   [MalwareRemover] Scan completed.   
Information   2017/08/30   10:30:00   System   127.0.0.1   localhost   [MalwareRemover] Scan completed and malware deleted.   
Information   2017/08/30   10:29:59   System   127.0.0.1   localhost   [MalwareRemover] Scan completed and malware deleted.   


The above is strange and scares me. I don't know whether it is caused by an error in Malware Remover or this is a real malware infection!
More detailed information from Malware Remover would calm me down and in my opinion is a must have feature.

dolbyman
Ask me anything
Posts: 6545
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware Remover - detailed information on the scanning result

Postby dolbyman » Wed Aug 30, 2017 10:37 pm

don't think qnap's position has changed on this

contact them directly via ticket to complain (we can't do anything about it)

User avatar
Johnno72
Know my way around
Posts: 222
Joined: Fri Jul 31, 2015 1:35 pm
Location: Australia

Re: Malware Remover - detailed information on the scanning result

Postby Johnno72 » Thu Aug 31, 2017 5:44 am

dolbyman wrote:qnap does not want to show it..they obfuscate it on purpose..one member tried to find out and was censored by qnap (the member left as a consequence)

so don't hold your breath for more transparency from qnap

The way I read this is that QNAP could be deleting competitor software or apps and simply take this road to hide their behaviour which does not put them in a nice position in peoples minds. Transparency will get more people using their products, hiding behind their ignorance and arrogance will undoubtedly catch up with them very fast across business and personal user bases.

They don't have the right to delete anything from any NAS unless they actually own that NAS, in this situation they don't own the NAS, we do and rightly so paying substantial price for their products, all people want from QNAP is transparency in their operation and items such as deletion of a possible threat without any logs being written is treading a very fine line and may come back to bite them in the butts if a business wishes to take this matter further in the courts.

If QNAP have nothing to hide then deleting private files on private equipment should be 100% logged including file, path, result and outcome. I would not at all be surprised to see this scan actually disabled on private NAS's by a lot of people and admins., after al there are other scanners out there to replace QNAP's.

Disgusting behaviour by QNAP and they can ignore people all they want, it remains regardless, bad behaviour of hiding the process and outcome of a positive result.
OS: Windows 10 Pro Insider Preview Build 17035.rs_prerelease.171103-1616 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay Rackmount - Firmware: 4.3.3.0361 Build 20171101
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: https://forum.qnap.com/viewtopic.php?f=5&t=68954

dolbyman
Ask me anything
Posts: 6545
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware Remover - detailed information on the scanning result

Postby dolbyman » Thu Aug 31, 2017 7:25 am

the malware remover is an optional app, so the user has to actively install it

here is the old thread with QNAP's decision to obfuscate the program

viewtopic.php?f=25&t=134070

User avatar
Johnno72
Know my way around
Posts: 222
Joined: Fri Jul 31, 2015 1:35 pm
Location: Australia

Re: Malware Remover - detailed information on the scanning result

Postby Johnno72 » Thu Aug 31, 2017 12:10 pm

dolbyman wrote:the malware remover is an optional app, so the user has to actively install it

here is the old thread with QNAP's decision to obfuscate the program

viewtopic.php?f=25&t=134070

Yup well we should all simply refuse to use the app and take caution in using any and all Apps as provided by QNAP. Just stopped and uninstalled this malicious App
OS: Windows 10 Pro Insider Preview Build 17035.rs_prerelease.171103-1616 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay Rackmount - Firmware: 4.3.3.0361 Build 20171101
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: https://forum.qnap.com/viewtopic.php?f=5&t=68954

docentt
New here
Posts: 5
Joined: Fri Feb 24, 2017 7:16 am

Re: Malware Remover - detailed information on the scanning result

Postby docentt » Thu Aug 31, 2017 5:48 pm

Right @Johnno72, I can refuse to use Malware Remover, but it may put me at much higher risk of losing my data. Moreover, If I lose it, QNAP will state it is my fault because I was not protecting myself against malware!
I bought QNAP because I wanted to be sure my data is safe and I can access it anywhere and anytime.

When I see logs like those below, I am scared that, something wrong is happening. Either it is a failure of the Malware Remover or it is a real infection (I really doubt I have been reinfected 4 times within 3 seconds).

Code: Select all

Type   Date   Time   Users   Source IP   Computer name   Content   
Information   2017/08/31   03:00:15   System   127.0.0.1   localhost   [MalwareRemover] Scan completed and malware deleted.   
Information   2017/08/31   03:00:14   System   127.0.0.1   localhost   [MalwareRemover] Scan completed and malware deleted.   
Information   2017/08/31   03:00:13   System   127.0.0.1   localhost   [MalwareRemover] Scan completed and malware deleted.   
Information   2017/08/31   03:00:12   System   127.0.0.1   localhost   [MalwareRemover] Scan completed and malware deleted.   
Information   2017/08/31   03:00:12   System   127.0.0.1   localhost   [MalwareRemover] Scan completed and malware deleted.   


Anyway, I am pretty close to the decision to disconnect my QNAP from the network. If it happens, having QNAP will make no more sense for me.

@QNAP:
There is a lot of people and institutions using QNAP because of my advice. I think that, if there will be no response from your side soon, it is time to warn them.
Continuing policy like that is a very big opportunity for your competitors!
As @OneCD wrote in another post, it is essential for the administrator to be able to find the vector of infection.

3rdparty
Starting out
Posts: 31
Joined: Thu Jul 21, 2011 1:22 am

Re: Malware Remover - detailed information on the scanning result

Postby 3rdparty » Thu Sep 21, 2017 3:27 am

I was getting the same report from Malware Remover with out any further detail. Opened a ticket with QNAP support and sent logs - was just advised:

We found a report which was logged last week. The message you are receiving is a false positive. Our HQ have advised the issue has been fixed in Malware Remover version 2.2.2.

When the QNAP locates a Malware and removes a file the message printed will list the file.

User avatar
Johnno72
Know my way around
Posts: 222
Joined: Fri Jul 31, 2015 1:35 pm
Location: Australia

Re: Malware Remover - detailed information on the scanning result

Postby Johnno72 » Thu Sep 21, 2017 5:48 am

Perhaps the recommended Malware app isn't capable currently of further information on the what's, when's, where's, why's of it's actions, would depend on the definition database and where they obtain that from.

Just transparency rather than deleting the suspicious file it should be moved to a Quarantine folder where we can then inspect the file for issues then we can allow or delete.

Qfinder can flash an Amber warning and email instantly to pre-set email address is easy to say more complicated to code I guess.
OS: Windows 10 Pro Insider Preview Build 17035.rs_prerelease.171103-1616 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay Rackmount - Firmware: 4.3.3.0361 Build 20171101
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: https://forum.qnap.com/viewtopic.php?f=5&t=68954


Return to “Features Wanted”

Who is online

Users browsing this forum: No registered users and 6 guests