Anti Virus Warning (Synology with exe files)

Get help with all aspects of SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
desperado591
Newbie
Newbie
Posts: 38
Joined: April 24th, 2017, 8:51 am

Anti Virus Warning (Synology with exe files)

Post by desperado591 » January 23rd, 2019, 9:50 am

Hi,

I am running SABnzbd on my Synology NAS and it works very well.
Yesterday the Synology Anti Virus Programm gave me some alarms regarding 4 files located in the SABnzbd installation path:

Image

Is that a problem of SABnzbd or is it python based? Shall I anounce it in the Synology forum?

Thanks in advance for your help.

User avatar
sander
Release Testers
Release Testers
Posts: 6716
Joined: January 22nd, 2008, 2:22 pm

Re: Anti Virus Warning (Synology with exe files)

Post by sander » January 23rd, 2019, 10:10 am

Sabnzbd on Synologye (thus: Linux) contains exe files ... ? ... "interesting"

@safihre ... any reason for that?

I checked my own Synology:

Code: Select all

$ ls -al /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/*exe
-rw-r--r-- 1 root root  92672 Dec 25 11:58 /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/t32.exe
-rw-r--r-- 1 root root 102400 Dec 25 11:58 /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/t64.exe
-rw-r--r-- 1 root root  89088 Dec 25 11:58 /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/w32.exe
-rw-r--r-- 1 root root  99328 Dec 25 11:58 /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/w64.exe
Ouch.

@desperado591 ... I assume it's a false positive, maybe because of an out-of-date virusscanner on your Synology?

To verify: you can put those exe files (or their md5sum) into virustotal, and let virustotal (with 71 uptodate virusscanners) decide ...

User avatar
sander
Release Testers
Release Testers
Posts: 6716
Joined: January 22nd, 2008, 2:22 pm

Re: Anti Virus Warning (Synology with exe files)

Post by sander » January 23rd, 2019, 10:16 am

... so let's do that:

Code: Select all

[email protected]:/usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib$ md5sum *exe
e0ba77913fc27742f75096c4c0489009  t32.exe
5cb5adb9d9b10cc96ca71e9dce5e5085  t64.exe
f30b517d6af5055652cf5ab87c280e4a  w32.exe
f1a5b63dffc2a9da17cf42f78fd94da4  w64.exe
... feed those md5's into virustotal:

https://www.virustotal.com/#/file/7edb9 ... /detection
https://www.virustotal.com/#/file/88284 ... /detection
https://www.virustotal.com/#/file/34f60 ... /detection
https://www.virustotal.com/#/file/61bfa ... /detection

On 1 and 3, only "trapmine" gives an alert ... all other 70 virusscanners say "Clean"
2 and 4: 71 virusscanners say "Clean"


So ... I dare to bet your virusscanner is incorrect.

Still ... why are there exe files from SABnzbd on a Synology ... ???

desperado591
Newbie
Newbie
Posts: 38
Joined: April 24th, 2017, 8:51 am

Re: Anti Virus Warning (Synology with exe files)

Post by desperado591 » January 23rd, 2019, 10:22 am

Thanks for your quick answer :)
The Virus Scanner on my Syno is updating every day, so it shouldn´t be out of date I guess. Maybe it was just alerted, because it did not expect exe files on the Linux system *gg*

User avatar
safihre
Administrator
Administrator
Posts: 3292
Joined: April 30th, 2015, 7:35 am
Location: Switzerland
Contact:

Re: Anti Virus Warning (Synology with exe files)

Post by safihre » January 23rd, 2019, 6:27 pm

This is packaged with Python system parts itself (Pip), no idea why. But not packaged as part of Sab.

Post Reply