Malware alert help

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
eniggli
First post
Posts: 1
Joined: Sun Aug 03, 2014 6:10 pm

Re: Malware alert help

Post by eniggli »

I got the same warnings starting August 30, 3 AM UTC, when my daily scan runs.

NAS: TS-219+
QTS:4.3.3.0998

From all postings, I would assume its a false positive. Hopefully, QNAP will come up with a explanation / solution.

Removing and re-installing Malware Remover (with intermediate reboot) did not solve the problem.

Ernst
Last edited by eniggli on Sat Aug 31, 2019 12:46 am, edited 1 time in total.
Vortax
Starting out
Posts: 32
Joined: Fri Aug 03, 2018 5:11 pm

Re: Malware alert help

Post by Vortax »

jelv1 wrote: Fri Aug 30, 2019 4:23 pm I keep getting the same three messages in the log (three times so far). Each time when I go to the application centre there is a different application needing updating. This morning it is Cloud Backup Sync.

Current version is V2.1.670 (installation date 2019/08/29). It wants to update to V2.1.671 which was apparently released 2019/07/16. Looking at the change log there is no mention of version 2.1.670. But 671 says "Added support for code signing".

My guess is that they have made a mess of code signing for the applications and we are going to have to work through updating them until they get all the signing right
I think you have a point here.

HBS3 was just updated to v3.0.190829 (date when all this warnings started).

But that version is not listed in the changelog, where last version listed is 3.0.190812

https://www.qnap.com/en/app_releasenote ... bridBackup

I'm more and more convinced that QNAP somehow facked up their app signatures, and that is related to those false positives.

I'm pretty sure they will update whatever they need to silently fix the issue, and they will not give an official answer at all.
homeuser2019
New here
Posts: 5
Joined: Thu Aug 29, 2019 10:41 pm

Re: Malware alert help

Post by homeuser2019 »

Ran another scan this morning (I didnt uninstall the app) and nothing comes up now so it looks to be more and more a false positive.

So wasted time trying to figure out if this was a legit warning or not because there was no actual details. Dont get me wrong, false positives are a thing and will always been something an enterprise will deal with. However give your users some power to be proactive if a warning pops up
User avatar
Josvls
Starting out
Posts: 32
Joined: Thu Apr 26, 2018 2:15 am

Re: Malware alert help

Post by Josvls »

Vortax wrote:
jelv1 wrote: Fri Aug 30, 2019 4:23 pm I keep getting the same three messages in the log (three times so far). Each time when I go to the application centre there is a different application needing updating. This morning it is Cloud Backup Sync.

Current version is V2.1.670 (installation date 2019/08/29). It wants to update to V2.1.671 which was apparently released 2019/07/16. Looking at the change log there is no mention of version 2.1.670. But 671 says "Added support for code signing".

My guess is that they have made a mess of code signing for the applications and we are going to have to work through updating them until they get all the signing right
I think you have a point here.

HBS3 was just updated to v3.0.190829 (date when all this warnings started).

But that version is not listed in the changelog, where last version listed is 3.0.190812

https://www.qnap.com/en/app_releasenote ... bridBackup

I'm more and more convinced that QNAP somehow facked up their app signatures, and that is related to those false positives.

I'm pretty sure they will update whatever they need to silently fix the issue, and they will not give an official answer at all.
Agree!!! I have just installed a new HBS version posted in app center an hour ago and I’m still getting malware notifications after each reboot.
Proggie
Starting out
Posts: 36
Joined: Tue Nov 02, 2010 9:56 am

Re: Malware alert help

Post by Proggie »

Josvls wrote:
Vortax wrote:
jelv1 wrote: Fri Aug 30, 2019 4:23 pm I keep getting the same three messages in the log (three times so far). Each time when I go to the application centre there is a different application needing updating. This morning it is Cloud Backup Sync.

Current version is V2.1.670 (installation date 2019/08/29). It wants to update to V2.1.671 which was apparently released 2019/07/16. Looking at the change log there is no mention of version 2.1.670. But 671 says "Added support for code signing".

My guess is that they have made a mess of code signing for the applications and we are going to have to work through updating them until they get all the signing right
I think you have a point here.

HBS3 was just updated to v3.0.190829 (date when all this warnings started).

But that version is not listed in the changelog, where last version listed is 3.0.190812

https://www.qnap.com/en/app_releasenote ... bridBackup

I'm more and more convinced that QNAP somehow facked up their app signatures, and that is related to those false positives.

I'm pretty sure they will update whatever they need to silently fix the issue, and they will not give an official answer at all.
Agree!!! I have just installed a new HBS version posted in app center an hour ago and I’m still getting malware notifications after each reboot.
Cloud Backup Sync 2.1.671 seems to be the issue. After a restart the Malware Remover removes it and I get the warnings and I'm back at 2.1.670. But then qnap says that it needs updating. When I update it again to 2.1.671 and then restart the qnap the cycle starts over again with the warnings and back to version 2.1.670.


Sent from my iPhone using Tapatalk
TS-419P 4.3.3.1315 Build 20200611
Vortax
Starting out
Posts: 32
Joined: Fri Aug 03, 2018 5:11 pm

Re: Malware alert help

Post by Vortax »

Proggie wrote: Sat Aug 31, 2019 1:20 am
Josvls wrote:
Vortax wrote:
jelv1 wrote: Fri Aug 30, 2019 4:23 pm I keep getting the same three messages in the log (three times so far). Each time when I go to the application centre there is a different application needing updating. This morning it is Cloud Backup Sync.

Current version is V2.1.670 (installation date 2019/08/29). It wants to update to V2.1.671 which was apparently released 2019/07/16. Looking at the change log there is no mention of version 2.1.670. But 671 says "Added support for code signing".

My guess is that they have made a mess of code signing for the applications and we are going to have to work through updating them until they get all the signing right
I think you have a point here.

HBS3 was just updated to v3.0.190829 (date when all this warnings started).

But that version is not listed in the changelog, where last version listed is 3.0.190812

https://www.qnap.com/en/app_releasenote ... bridBackup

I'm more and more convinced that QNAP somehow facked up their app signatures, and that is related to those false positives.

I'm pretty sure they will update whatever they need to silently fix the issue, and they will not give an official answer at all.
Agree!!! I have just installed a new HBS version posted in app center an hour ago and I’m still getting malware notifications after each reboot.
Cloud Backup Sync 2.1.671 seems to be the issue. After a restart the Malware Remover removes it and I get the warnings and I'm back at 2.1.670. But then qnap says that it needs updating. When I update it again to 2.1.671 and then restart the qnap the cycle starts over again with the warnings and back to version 2.1.670.


Sent from my iPhone using Tapatalk
I don't have cloud backup sync installed, but I think HBS3 includes cloud backup sync. Unfortunately, cloud backup sync is no longer listed for me in the app center, so I don't know what version HBS3 correlates to CBS.

If you reboot and not update CBS to 2.1.671 (just keep it at 2.1.670), do you still get the warning? If not, and warning reappears after updating to 2.1.671, then we already discovered what is causing this.
spacesimon
Starting out
Posts: 36
Joined: Thu Jan 12, 2017 8:53 pm

Re: Malware alert help

Post by spacesimon »

Mines definitely related to HBS3 in some way after spending a day on it.

Downgraded to HBS2 after HBS3 proved not ready for my needs. This was a week ago.

Was fine till yesterday. Same alert as everyone else.

I’m more concerned about the fact that Malware Remover ran at an unscheduled time.
Proggie
Starting out
Posts: 36
Joined: Tue Nov 02, 2010 9:56 am

Re: Malware alert help

Post by Proggie »

Vortax wrote: I don't have cloud backup sync installed, but I think HBS3 includes cloud backup sync. Unfortunately, cloud backup sync is no longer listed for me in the app center, so I don't know what version HBS3 correlates to CBS.

If you reboot and not update CBS to 2.1.671 (just keep it at 2.1.670), do you still get the warning? If not, and warning reappears after updating to 2.1.671, then we already discovered what is causing this.
I still get the warning when not updating to 2.1.671 after rebooting.


Sent from my iPhone using Tapatalk
TS-419P 4.3.3.1315 Build 20200611
Proggie
Starting out
Posts: 36
Joined: Tue Nov 02, 2010 9:56 am

Re: Malware alert help

Post by Proggie »

Just got this from support:

"Today Malware Remover rules were updated but there is a false-positive bug.
The rules have already been rolled back but you must re-install Malware Remover to resolve this bug."

Will try when I get home.


Sent from my iPhone using Tapatalk
TS-419P 4.3.3.1315 Build 20200611
critchlg
Starting out
Posts: 25
Joined: Tue Nov 10, 2009 3:19 am
Location: Australia

Re: Malware alert help

Post by critchlg »

+1
Received a flood of emails from my customer QNAPs advising to change possibly hundreds of passwords. It would be nice if they could follow up the false positive with a stand down notice, or at least give us some visibility to work with the details of the Malware trigger. It's all a bit light on details.
Vortax
Starting out
Posts: 32
Joined: Fri Aug 03, 2018 5:11 pm

Re: Malware alert help

Post by Vortax »

Proggie wrote: Sat Aug 31, 2019 7:53 am Just got this from support:

"Today Malware Remover rules were updated but there is a false-positive bug.
The rules have already been rolled back but you must re-install Malware Remover to resolve this bug."

Will try when I get home.


Sent from my iPhone using Tapatalk
Great, thanks, please keep us updated when you try this.
Proggie
Starting out
Posts: 36
Joined: Tue Nov 02, 2010 9:56 am

Re: Malware alert help

Post by Proggie »

Vortax wrote:
Proggie wrote: Sat Aug 31, 2019 7:53 am Just got this from support:

"Today Malware Remover rules were updated but there is a false-positive bug.
The rules have already been rolled back but you must re-install Malware Remover to resolve this bug."

Will try when I get home.


Sent from my iPhone using Tapatalk
Great, thanks, please keep us updated when you try this.
Seems to have worked


Sent from my iPhone using Tapatalk
TS-419P 4.3.3.1315 Build 20200611
User avatar
Josvls
Starting out
Posts: 32
Joined: Thu Apr 26, 2018 2:15 am

Re: Malware alert help

Post by Josvls »

Proggie wrote:
Vortax wrote:
Proggie wrote: Sat Aug 31, 2019 7:53 am Just got this from support:

"Today Malware Remover rules were updated but there is a false-positive bug.
The rules have already been rolled back but you must re-install Malware Remover to resolve this bug."

Will try when I get home.


Sent from my iPhone using Tapatalk
Great, thanks, please keep us updated when you try this.
Seems to have worked


Sent from my iPhone using Tapatalk
Not working for me. Can anyone confirm?
Vortax
Starting out
Posts: 32
Joined: Fri Aug 03, 2018 5:11 pm

Re: Malware alert help

Post by Vortax »

Unfortunately, my NAS is currently caught in a known RAID migration bug which makes migration from raid 5 to 6 extra painfully slow (6.5MB/s at most), so, migration is taking more than 3 weeks... I cannot rebot the NAS until migration is completed (several days left), so, I will not be able to confirm.
dr_jon
Easy as a breeze
Posts: 253
Joined: Thu Feb 10, 2011 10:03 pm
Location: West London

Re: Malware alert help

Post by dr_jon »

I did the remove and reinstall Malware Remover suggestion, but it still reported Malware on a reboot and nuked the Cloud Backup app as always.
TS-453A, TS-253A, TS-431P3, TS-419P+, hopefully that's it for a while...
Post Reply

Return to “Miscellaneous”