[clamav-users] Help about Clamava on QNAP

Paul Kosinski clamav-users at iment.com
Thu May 6 17:25:38 UTC 2021 

All these stories about QNAP (etc.) make me glad that I build my own servers, rather than getting some easy-to-setup, but non-upgradable, box. (E.g., I'm running 0.103.2, at the minor cost of having to build it from source.)


On Thu, 6 May 2021 13:18:20 +0100 (BST)
"G.W. Haywood via clamav-users" <clamav-users at lists.clamav.net> wrote:

> Hi there,
> 
> On Thu, 6 May 2021, Matus UHLAR - fantomas wrote:
> > On 06.05.21 12:19, Chellini Stefano via clamav-users wrote:  
> >> My QNAP NAS It is EOL , it is TS419-PII
> >> 
> >> Is it available an option to upgrade the antivirus on it ?  
> >
> > it should be installable through entware package, but as it only has 512MB
> > of RAM, it's largely useless there (may not work properly).  
> 
> QNAP devices have been mentioned several times on this list recently.
> 
> A very little searching will reveal why.
> 
> There seems to be little doubt that the responses to the reports by
> researchers of critical vulnerabilities have left much to be desired:
> 
> https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
> https://portswigger.net/daily-swig/qnap-fixes-critical-rce-vulnerabilities-in-nas-devices
> https://www.zdnet.com/article/hundreds-of-thousands-of-qnap-devices-vulnerable-to-remote-takeover-attacks/
> 
> If you own one of these devices, I guess that these blog posts make
> uncomfortable reading.
> 
> Even if it would be capable of running ClamAV, installing it on any
> vulnerable device would be pointless; this would not magically make
> the device any less vulnerable.  The vulnerabilities can only be fixed
> by security patches or upgrades, or perhaps by some serious hacking
> which is likely to be well beyond the average user.
> 
> My view is that given their dubious history, QNAP devices should be
> taken out of service unless they're in environments protected by
> people who *really* know what they're doing - people who can create a
> demonstrably safe firewall configuration.  Again well beyond average.
> 
> Otherwise, these things are just compromises waiting to happen.
> 
> They're powerful enough to be attractive targets.  They're easy enough
> to find.  Even when up to date with patches, next time around we'll
> probably see the same unsatisfactory response leave more low-hanging
> fruit for the criminals.  They represent risk not just to their users,
> but, after they're taken over for use as part of the extensive and
> ever-growing criminal infrastructure, to the rest of us as well.
> 
> Do us all a favour and get rid of them.
>

More information about the clamav-users mailing list