Mailing List Archive

On 06.05.21 11:52, Chellini Stefano via clamav-users wrote:
>> Hi , the automatic update doesn’t works for a few times.
>> Till now , I downloaded the *.cvd files and imported manually on QNAP storage interface
>> Now , the cvd files are not available to download
>> Can you help me to check if it is possible to enable the automatic update or available the files that I can download ?

seems that most of QNAP appliances run version of Clamav older than 0.100
(those versions are not supported).

Isn't your QNAP NAS eoled ?
https://www.qnap.com/en/product/eol.php

Also, many QNAP appliances have less than 1GB of RAM. ClamAV needs more (2GB
or more is recommended).

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

My QNAP NAS It is EOL , it is TS419-PII

Is it available an option to upgrade the antivirus on it ?

> Il giorno 6 mag 2021, alle ore 12:15, Matus UHLAR - fantomas <uhlar@fantomas.sk> ha scritto:
>
> On 06.05.21 11:52, Chellini Stefano via clamav-users wrote:
>>> Hi , the automatic update doesn’t works for a few times.
>>> Till now , I downloaded the *.cvd files and imported manually on QNAP storage interface
>>> Now , the cvd files are not available to download
>>> Can you help me to check if it is possible to enable the automatic update or available the files that I can download ?
>
> seems that most of QNAP appliances run version of Clamav older than 0.100 (those versions are not supported).
>
> Isn't your QNAP NAS eoled ?
> https://www.qnap.com/en/product/eol.php
>
> Also, many QNAP appliances have less than 1GB of RAM. ClamAV needs more (2GB
> or more is recommended).
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Windows found: (R)emove, (E)rase, (D)elete
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On 06.05.21 12:19, Chellini Stefano via clamav-users wrote:
>My QNAP NAS It is EOL , it is TS419-PII
>
>Is it available an option to upgrade the antivirus on it ?

it should be installable through entware package, but as it only has 512MB
of RAM, it's largely useless there (may not work properly).

>> Il giorno 6 mag 2021, alle ore 12:15, Matus UHLAR - fantomas <uhlar@fantomas.sk> ha scritto:
>>
>> On 06.05.21 11:52, Chellini Stefano via clamav-users wrote:
>>>> Hi , the automatic update doesn’t works for a few times.
>>>> Till now , I downloaded the *.cvd files and imported manually on QNAP storage interface
>>>> Now , the cvd files are not available to download
>>>> Can you help me to check if it is possible to enable the automatic update or available the files that I can download ?
>>
>> seems that most of QNAP appliances run version of Clamav older than 0.100 (those versions are not supported).
>>
>> Isn't your QNAP NAS eoled ?
>> https://www.qnap.com/en/product/eol.php
>>
>> Also, many QNAP appliances have less than 1GB of RAM. ClamAV needs more (2GB
>> or more is recommended).

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi there,

On Thu, 6 May 2021, Matus UHLAR - fantomas wrote:
> On 06.05.21 12:19, Chellini Stefano via clamav-users wrote:
>> My QNAP NAS It is EOL , it is TS419-PII
>>
>> Is it available an option to upgrade the antivirus on it ?
>
> it should be installable through entware package, but as it only has 512MB
> of RAM, it's largely useless there (may not work properly).

QNAP devices have been mentioned several times on this list recently.

A very little searching will reveal why.

There seems to be little doubt that the responses to the reports by
researchers of critical vulnerabilities have left much to be desired:

https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
https://portswigger.net/daily-swig/qnap-fixes-critical-rce-vulnerabilities-in-nas-devices
https://www.zdnet.com/article/hundreds-of-thousands-of-qnap-devices-vulnerable-to-remote-takeover-attacks/

If you own one of these devices, I guess that these blog posts make
uncomfortable reading.

Even if it would be capable of running ClamAV, installing it on any
vulnerable device would be pointless; this would not magically make
the device any less vulnerable. The vulnerabilities can only be fixed
by security patches or upgrades, or perhaps by some serious hacking
which is likely to be well beyond the average user.

My view is that given their dubious history, QNAP devices should be
taken out of service unless they're in environments protected by
people who *really* know what they're doing - people who can create a
demonstrably safe firewall configuration. Again well beyond average.

Otherwise, these things are just compromises waiting to happen.

They're powerful enough to be attractive targets. They're easy enough
to find. Even when up to date with patches, next time around we'll
probably see the same unsatisfactory response leave more low-hanging
fruit for the criminals. They represent risk not just to their users,
but, after they're taken over for use as part of the extensive and
ever-growing criminal infrastructure, to the rest of us as well.

Do us all a favour and get rid of them.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

All these stories about QNAP (etc.) make me glad that I build my own servers, rather than getting some easy-to-setup, but non-upgradable, box. (E.g., I'm running 0.103.2, at the minor cost of having to build it from source.)


On Thu, 6 May 2021 13:18:20 +0100 (BST)
"G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Thu, 6 May 2021, Matus UHLAR - fantomas wrote:
> > On 06.05.21 12:19, Chellini Stefano via clamav-users wrote:
> >> My QNAP NAS It is EOL , it is TS419-PII
> >>
> >> Is it available an option to upgrade the antivirus on it ?
> >
> > it should be installable through entware package, but as it only has 512MB
> > of RAM, it's largely useless there (may not work properly).
>
> QNAP devices have been mentioned several times on this list recently.
>
> A very little searching will reveal why.
>
> There seems to be little doubt that the responses to the reports by
> researchers of critical vulnerabilities have left much to be desired:
>
> https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
> https://portswigger.net/daily-swig/qnap-fixes-critical-rce-vulnerabilities-in-nas-devices
> https://www.zdnet.com/article/hundreds-of-thousands-of-qnap-devices-vulnerable-to-remote-takeover-attacks/
>
> If you own one of these devices, I guess that these blog posts make
> uncomfortable reading.
>
> Even if it would be capable of running ClamAV, installing it on any
> vulnerable device would be pointless; this would not magically make
> the device any less vulnerable. The vulnerabilities can only be fixed
> by security patches or upgrades, or perhaps by some serious hacking
> which is likely to be well beyond the average user.
>
> My view is that given their dubious history, QNAP devices should be
> taken out of service unless they're in environments protected by
> people who *really* know what they're doing - people who can create a
> demonstrably safe firewall configuration. Again well beyond average.
>
> Otherwise, these things are just compromises waiting to happen.
>
> They're powerful enough to be attractive targets. They're easy enough
> to find. Even when up to date with patches, next time around we'll
> probably see the same unsatisfactory response leave more low-hanging
> fruit for the criminals. They represent risk not just to their users,
> but, after they're taken over for use as part of the extensive and
> ever-growing criminal infrastructure, to the rest of us as well.
>
> Do us all a favour and get rid of them.
>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

>>On 06.05.21 12:19, Chellini Stefano via clamav-users wrote:
>>>My QNAP NAS It is EOL , it is TS419-PII
>>>
>>>Is it available an option to upgrade the antivirus on it ?

>On Thu, 6 May 2021, Matus UHLAR - fantomas wrote:
>>it should be installable through entware package, but as it only has 512MB
>>of RAM, it's largely useless there (may not work properly).

On 06.05.21 13:18, G.W. Haywood via clamav-users wrote:
>QNAP devices have been mentioned several times on this list recently.
[...]
>Do us all a favour and get rid of them.

easies would be to say: Do not expose QNAP devices to the internet.

However, the main problem here is:

Old QNAP devices with <=1GB RAM won't run ClamAV, you can use them for
storage, but if you need virus scanning, do that externally.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi there,

On Fri, 7 May 2021, Matus UHLAR - fantomas wrote:

> easies would be to say: Do not expose QNAP devices to the internet.

It's easy for us.

It's not easy for most people - who for example don't know that even
if their their firewall claims to block access from the Internet to
the NAS device, it's quite possible that their printer provides a
route to it of which they are unaware.

If Fermilab can't get this right, what chance has Joe Public?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml