Advertisements
«
»

Synology Antivirus Essential detects PHP.Exploit.CVE_2015_2331-3

Today my DiskStation emailed me about detecting malware in the system files. When I looked at the log, I saw this:

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

It appears this is a false positive in the ClamAV database.

Further reading: https://www.clamxav.com/BB/viewtopic.php?f=1&t=4186&hilit=php.exploit

If your Synology reports the same, simply restore the quarantined file, update virus definitions, and re-scan. It should come up clean. If you had configured Antivirus Essential to automatically delete files, you may have to restore the DSM OS to get the file back.

Advertisements

,

This entry was posted on August 29, 2015, 3:10 pm and is filed under Uncategorized. You can follow any responses to this entry through RSS 2.0. Both comments and pings are currently closed.

  1. #1 by rlescaille on August 30, 2015 - 2:18 pm

    I had the exact same notification when I woke up this morning. I also found the same ClamAV thread you found and updated my virus definitions before restoring and re-scanning. No issues since. Glad it’s a false positive but admittedly my heart did skip a beat. Glad I found your post.

  2. #2 by Chris on August 31, 2015 - 2:22 am

    Me three!

    Maybe one NAS isn’t enough. :)