linuxserver / docker-sonarr

GNU General Public License v3.0

RDN/genericelf Virus Quarantined on QNAP #289

Closed gsbba closed 7 months ago

gsbba commented 7 months ago

Is there an existing issue for this?

Current Behavior

Installed SabNZB, Sonarr etc. on QNAP Container using Docker and McAfee picked up RDN/genericelf @ below item. Didn't get picked up when I only installed NZBGet. Once quarantined it kills the Dockers but Plex Docker works fine.

/share/Container/container-station-data/lib/docker/overlay2/dfc174294f7ef48a25b154e882b5ec26ae53d2aea96d73efe4adc7db5cd5b5e4/diff/bin/busybox

Expected Behavior

Unknown

Steps To Reproduce

Install Docker and run virus scan

Environment

- OS: QNAP
- How docker service was installed: Through Container Station 3

CPU architecture

x86-64

Docker creation

Through Container Station

Container logs

{
AppArmorProfile:"docker-default"
Args:[]
Config:{}
Created:"2024-03-24T04:32:36.064204862Z"
Driver:"overlay2"
GraphDriver:{}
HostConfig:{}
HostnamePath:"/share/CACHEDEV1_DATA/Container/container-station-data/lib/docker/containers/55f6ebf9e899d5c24cdb85bd1a7a8e36bbbdfc70e38440de6f25c626496add80/hostname"
HostsPath:"/share/CACHEDEV1_DATA/Container/container-station-data/lib/docker/containers/55f6ebf9e899d5c24cdb85bd1a7a8e36bbbdfc70e38440de6f25c626496add80/hosts"
Id:"55f6ebf9e899d5c24cdb85bd1a7a8e36bbbdfc70e38440de6f25c626496add80"
Image:"sha256:40ff6aa4ce256579f27cecd4d238098ceed26b2be6237924f7dc7d0763096820"
LogPath:"/share/CACHEDEV1_DATA/Container/container-station-data/lib/docker/containers/55f6ebf9e899d5c24cdb85bd1a7a8e36bbbdfc70e38440de6f25c626496add80/55f6ebf9e899d5c24cdb85bd1a7a8e36bbbdfc70e38440de6f25c626496add80-json.log"
MountLabel:""
Mounts:[]
Name:"/sonarr"
NetworkSettings:{}
Path:"/init"
Platform:"linux"
ProcessLabel:""
ResolvConfPath:"/share/CACHEDEV1_DATA/Container/container-station-data/lib/docker/containers/55f6ebf9e899d5c24cdb85bd1a7a8e36bbbdfc70e38440de6f25c626496add80/resolv.conf"
RestartCount:0
State:{}

github-actions[bot] commented 7 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

aptalca commented 7 months ago

Most likely false positive. This is where that binary comes from: https://pkgs.alpinelinux.org/package/v3.19/main/x86_64/busybox

Plex is on an Ubuntu base, not alpine, so it doesn't have busybox.

Obligatory: Friends don't let friends use McAfee

gsbba commented 7 months ago

Looks like it is a virus and it's infected plex overlay folder now as well. Have to stop using Dockers for q sonar, radarr and sab.

homerr commented 7 months ago

Or, McAfee is overzealous. Those executables come from alpine, you can trace the heritage back for proof.

Closing this out as McAfee is lunacy.
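
Added example (not part of the thread and not the linuxserver project's code): one way to check a flagged `bin/busybox` against what Alpine's package manager recorded for it, by comparing the file's SHA-1 with the `Z:` entry in the layer's `lib/apk/db/installed`. The function names and the temporary fake layer are constructed for illustration, and it assumes the apk database sits under the same overlay2 `diff` directory as the flagged file.

```python
import base64, hashlib, tempfile
from pathlib import Path

def recorded_checksums(db_text):
    """Map 'dir/file' -> 'Q1...' checksum from apk's installed database.
    F: sets the directory, R: names a file in it, Z: is that file's checksum."""
    sums, directory, current = {}, "", None
    for line in db_text.splitlines():
        key, _, value = line.partition(":")
        if key == "F":
            directory, current = value, None
        elif key == "R":
            current = f"{directory}/{value}" if directory else value
        elif key == "Z" and current:
            sums[current] = value
        elif not line:  # blank line ends a package record
            directory, current = "", None
    return sums

def apk_checksum(path):
    """apk's file checksum format: 'Q1' + base64(SHA-1 of the contents)."""
    digest = hashlib.sha1(Path(path).read_bytes()).digest()
    return "Q1" + base64.b64encode(digest).decode()

def verify(layer_root, rel_path):
    """Return 'match', 'mismatch' or 'untracked' for a file under a layer root."""
    root = Path(layer_root)
    expected = recorded_checksums((root / "lib/apk/db/installed").read_text()).get(rel_path)
    if expected is None:
        return "untracked"
    return "match" if apk_checksum(root / rel_path) == expected else "mismatch"

def demo():
    """Constructed sample: a temporary fake layer with a stand-in bin/busybox."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "lib/apk/db").mkdir(parents=True)
        (root / "bin/busybox").write_bytes(b"\x7fELF constructed stand-in")
        good = apk_checksum(root / "bin/busybox")
        (root / "lib/apk/db/installed").write_text(
            f"P:busybox\nF:bin\nR:busybox\na:0:0:755\nZ:{good}\n\n")
        before = verify(root, "bin/busybox")
        (root / "bin/busybox").write_bytes(b"\x7fELF altered")  # simulate tampering
        return before, verify(root, "bin/busybox"), verify(root, "bin/sh")

if __name__ == "__main__":
    print(demo())  # on a real host: verify("<layer>/diff", "bin/busybox")
```

A match shows the file is byte-identical to what apk installed in that layer; it says nothing about files apk does not track, which come back as `untracked`.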