Malware Remover - detailed information on the scanning result

Tell us your most wanted features from QNAP products.
docentt
New here
Posts: 6
Joined: Fri Feb 24, 2017 7:16 am

Malware Remover - detailed information on the scanning result

Post by docentt »

Any detailed information on the result of the Malware Remover scanning process would be very, very helpful.
At the moment, if a malware is detected remover ends with the following entry in the log: "[MalwareRemover] Scan completed and malware deleted."
There is no information what kind of malware, in which location it has been found etc.

I got information about the infection every day for more than a few weeks in a row and I am not able to track the source of the problem!
I don't know whether this is Malware Remover false positive error or there is some user who infects my qnap every day.

Regards
Tomasz
User avatar
dolbyman
Guru
Posts: 35008
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware Remover - detailed information on the scanning result

Post by dolbyman »

qnap does not want to show it..they obfuscate it on purpose..one member tried to find out and was censored by qnap (the member left as a consequence)

so don't hold your breath for more transparency from qnap
docentt
New here
Posts: 6
Joined: Fri Feb 24, 2017 7:16 am

Re: Malware Remover - detailed information on the scanning result

Post by docentt »

Any news concerning the feature?

Recently, my QNAP runs Malware Remover randomly resulting in multiple communicates e.g. in 1 minute period it can generate 5 messages:

Code: Select all

Type	Date	Time	Users	Source IP	Computer name	Content	
Information	2017/08/30	10:30:52	System	127.0.0.1	localhost	[MalwareRemover] Scan completed.	
Information	2017/08/30	10:30:50	System	127.0.0.1	localhost	[MalwareRemover] Scan completed.	
Information	2017/08/30	10:30:09	System	127.0.0.1	localhost	[MalwareRemover] Scan completed.	
Information	2017/08/30	10:30:00	System	127.0.0.1	localhost	[MalwareRemover] Scan completed and malware deleted.	
Information	2017/08/30	10:29:59	System	127.0.0.1	localhost	[MalwareRemover] Scan completed and malware deleted.	
The above is strange and scares me. I don't know whether it is caused by an error in Malware Remover or this is a real malware infection!
More detailed information from Malware Remover would calm me down and in my opinion is a must have feature.
User avatar
dolbyman
Guru
Posts: 35008
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware Remover - detailed information on the scanning result

Post by dolbyman »

don't think qnap's position has changed on this

contact them directly via ticket to complain (we can't do anything about it)
User avatar
Johnno72
Easy as a breeze
Posts: 378
Joined: Fri Jul 31, 2015 1:35 pm
Location: Australia

Re: Malware Remover - detailed information on the scanning result

Post by Johnno72 »

dolbyman wrote:qnap does not want to show it..they obfuscate it on purpose..one member tried to find out and was censored by qnap (the member left as a consequence)

so don't hold your breath for more transparency from qnap
The way I read this is that QNAP could be deleting competitor software or apps and simply take this road to hide their behaviour which does not put them in a nice position in peoples minds. Transparency will get more people using their products, hiding behind their ignorance and arrogance will undoubtedly catch up with them very fast across business and personal user bases.

They don't have the right to delete anything from any NAS unless they actually own that NAS, in this situation they don't own the NAS, we do and rightly so paying substantial price for their products, all people want from QNAP is transparency in their operation and items such as deletion of a possible threat without any logs being written is treading a very fine line and may come back to bite them in the butts if a business wishes to take this matter further in the courts.

If QNAP have nothing to hide then deleting private files on private equipment should be 100% logged including file, path, result and outcome. I would not at all be surprised to see this scan actually disabled on private NAS's by a lot of people and admins., after al there are other scanners out there to replace QNAP's.

Disgusting behaviour by QNAP and they can ignore people all they want, it remains regardless, bad behaviour of hiding the process and outcome of a positive result.
OS: Win10 Professional v2004 OS Build 19041.388 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay - Firmware: v4.4.3.1421 build 20200907. Updated from v4.4.3.1400 Build 20200817 Official
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: viewtopic.php?f=5&t=68954
Remote Administration of: TVS-863+ 16G on UPS Cyberpower OLS1500E+RMcard205
User avatar
dolbyman
Guru
Posts: 35008
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware Remover - detailed information on the scanning result

Post by dolbyman »

the malware remover is an optional app, so the user has to actively install it

here is the old thread with QNAP's decision to obfuscate the program

viewtopic.php?f=25&t=134070
User avatar
Johnno72
Easy as a breeze
Posts: 378
Joined: Fri Jul 31, 2015 1:35 pm
Location: Australia

Re: Malware Remover - detailed information on the scanning result

Post by Johnno72 »

dolbyman wrote:the malware remover is an optional app, so the user has to actively install it

here is the old thread with QNAP's decision to obfuscate the program

viewtopic.php?f=25&t=134070
Yup well we should all simply refuse to use the app and take caution in using any and all Apps as provided by QNAP. Just stopped and uninstalled this malicious App
OS: Win10 Professional v2004 OS Build 19041.388 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay - Firmware: v4.4.3.1421 build 20200907. Updated from v4.4.3.1400 Build 20200817 Official
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: viewtopic.php?f=5&t=68954
Remote Administration of: TVS-863+ 16G on UPS Cyberpower OLS1500E+RMcard205
docentt
New here
Posts: 6
Joined: Fri Feb 24, 2017 7:16 am

Re: Malware Remover - detailed information on the scanning result

Post by docentt »

Right @Johnno72, I can refuse to use Malware Remover, but it may put me at much higher risk of losing my data. Moreover, If I lose it, QNAP will state it is my fault because I was not protecting myself against malware!
I bought QNAP because I wanted to be sure my data is safe and I can access it anywhere and anytime.

When I see logs like those below, I am scared that, something wrong is happening. Either it is a failure of the Malware Remover or it is a real infection (I really doubt I have been reinfected 4 times within 3 seconds).

Code: Select all

Type	Date	Time	Users	Source IP	Computer name	Content	
Information	2017/08/31	03:00:15	System	127.0.0.1	localhost	[MalwareRemover] Scan completed and malware deleted.	
Information	2017/08/31	03:00:14	System	127.0.0.1	localhost	[MalwareRemover] Scan completed and malware deleted.	
Information	2017/08/31	03:00:13	System	127.0.0.1	localhost	[MalwareRemover] Scan completed and malware deleted.	
Information	2017/08/31	03:00:12	System	127.0.0.1	localhost	[MalwareRemover] Scan completed and malware deleted.	
Information	2017/08/31	03:00:12	System	127.0.0.1	localhost	[MalwareRemover] Scan completed and malware deleted.	
Anyway, I am pretty close to the decision to disconnect my QNAP from the network. If it happens, having QNAP will make no more sense for me.

@QNAP:
There is a lot of people and institutions using QNAP because of my advice. I think that, if there will be no response from your side soon, it is time to warn them.
Continuing policy like that is a very big opportunity for your competitors!
As @OneCD wrote in another post, it is essential for the administrator to be able to find the vector of infection.
3rdparty
Starting out
Posts: 34
Joined: Thu Jul 21, 2011 1:22 am

Re: Malware Remover - detailed information on the scanning result

Post by 3rdparty »

I was getting the same report from Malware Remover with out any further detail. Opened a ticket with QNAP support and sent logs - was just advised:
We found a report which was logged last week. The message you are receiving is a false positive. Our HQ have advised the issue has been fixed in Malware Remover version 2.2.2.

When the QNAP locates a Malware and removes a file the message printed will list the file.
User avatar
Johnno72
Easy as a breeze
Posts: 378
Joined: Fri Jul 31, 2015 1:35 pm
Location: Australia

Re: Malware Remover - detailed information on the scanning result

Post by Johnno72 »

Perhaps the recommended Malware app isn't capable currently of further information on the what's, when's, where's, why's of it's actions, would depend on the definition database and where they obtain that from.

Just transparency rather than deleting the suspicious file it should be moved to a Quarantine folder where we can then inspect the file for issues then we can allow or delete.

Qfinder can flash an Amber warning and email instantly to pre-set email address is easy to say more complicated to code I guess.
OS: Win10 Professional v2004 OS Build 19041.388 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay - Firmware: v4.4.3.1421 build 20200907. Updated from v4.4.3.1400 Build 20200817 Official
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: viewtopic.php?f=5&t=68954
Remote Administration of: TVS-863+ 16G on UPS Cyberpower OLS1500E+RMcard205
kbyrd
Starting out
Posts: 41
Joined: Sat Feb 02, 2013 10:36 pm

Re: Malware Remover - detailed information on the scanning result

Post by kbyrd »

dolbyman wrote: Thu Aug 31, 2017 7:25 am the malware remover is an optional app, so the user has to actively install it

here is the old thread with QNAP's decision to obfuscate the program

viewtopic.php?f=25&t=134070
...and as of QTS 4.4.3, it is now installed by default :roll:
User avatar
dolbyman
Guru
Posts: 35008
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware Remover - detailed information on the scanning result

Post by dolbyman »

why do dig out a 3 year old thread for this ?
kbyrd
Starting out
Posts: 41
Joined: Sat Feb 02, 2013 10:36 pm

Re: Malware Remover - detailed information on the scanning result

Post by kbyrd »

:oops: My mistake.
I had several tabs open and was following links and didn't check the dates. Sorry for the necropost!
TECH1982
Starting out
Posts: 28
Joined: Wed May 12, 2021 2:16 pm

Re: Malware Remover - detailed information on the scanning result

Post by TECH1982 »

I'm shocked by QNAP by this...

However, the workaround is simple... Don't use it... Use a desktop malware removal tool instead...

Ya i know,, convenience aside, and should be fixed. (dunno if the Latest QTS has solved this yet,), but in the meantime a less more in-convenient approach must be taken..
User avatar
dolbyman
Guru
Posts: 35008
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Malware Remover - detailed information on the scanning result

Post by dolbyman »

a desktop malware removal app..what are you talking about ?
Locked

Return to “Features Wanted”