Anti Virus Warning (Synology with exe files)

Get help with all aspects of SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
desperado591
Newbie
Newbie
Posts: 47
Joined: April 24th, 2017, 8:51 am

Anti Virus Warning (Synology with exe files)

Post by desperado591 »

Hi,

I am running SABnzbd on my Synology NAS and it works very well.
Yesterday the Synology Anti Virus Programm gave me some alarms regarding 4 files located in the SABnzbd installation path:

Image

Is that a problem of SABnzbd or is it python based? Shall I anounce it in the Synology forum?

Thanks in advance for your help.
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Anti Virus Warning (Synology with exe files)

Post by sander »

Sabnzbd on Synologye (thus: Linux) contains exe files ... ? ... "interesting"

@safihre ... any reason for that?

I checked my own Synology:

Code: Select all

$ ls -al /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/*exe
-rw-r--r-- 1 root root  92672 Dec 25 11:58 /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/t32.exe
-rw-r--r-- 1 root root 102400 Dec 25 11:58 /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/t64.exe
-rw-r--r-- 1 root root  89088 Dec 25 11:58 /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/w32.exe
-rw-r--r-- 1 root root  99328 Dec 25 11:58 /usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib/w64.exe
Ouch.

@desperado591 ... I assume it's a false positive, maybe because of an out-of-date virusscanner on your Synology?

To verify: you can put those exe files (or their md5sum) into virustotal, and let virustotal (with 71 uptodate virusscanners) decide ...
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Anti Virus Warning (Synology with exe files)

Post by sander »

... so let's do that:

Code: Select all

admin@DiskStation:/usr/local/sabnzbd/env/lib/python2.7/site-packages/pip/_vendor/distlib$ md5sum *exe
e0ba77913fc27742f75096c4c0489009  t32.exe
5cb5adb9d9b10cc96ca71e9dce5e5085  t64.exe
f30b517d6af5055652cf5ab87c280e4a  w32.exe
f1a5b63dffc2a9da17cf42f78fd94da4  w64.exe
... feed those md5's into virustotal:

https://www.virustotal.com/#/file/7edb9 ... /detection
https://www.virustotal.com/#/file/88284 ... /detection
https://www.virustotal.com/#/file/34f60 ... /detection
https://www.virustotal.com/#/file/61bfa ... /detection

On 1 and 3, only "trapmine" gives an alert ... all other 70 virusscanners say "Clean"
2 and 4: 71 virusscanners say "Clean"


So ... I dare to bet your virusscanner is incorrect.

Still ... why are there exe files from SABnzbd on a Synology ... ???
desperado591
Newbie
Newbie
Posts: 47
Joined: April 24th, 2017, 8:51 am

Re: Anti Virus Warning (Synology with exe files)

Post by desperado591 »

Thanks for your quick answer :)
The Virus Scanner on my Syno is updating every day, so it shouldn´t be out of date I guess. Maybe it was just alerted, because it did not expect exe files on the Linux system *gg*
User avatar
safihre
Administrator
Administrator
Posts: 5339
Joined: April 30th, 2015, 7:35 am
Contact:

Re: Anti Virus Warning (Synology with exe files)

Post by safihre »

This is packaged with Python system parts itself (Pip), no idea why. But not packaged as part of Sab.
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Post Reply