Virus, what to do?

Hi there - I run Plex on my Synology 918+ NAS, which runs antivirus software. The Synology picked up a potential virus under the file name tv.plex.agents.music_*** with the threat being labelled as BC.img.Exploit.CVE-2017-***

Currently this file is quarantined, is it safe to restore or delete it?

I’m not aware of any issues in that area… usually these are false positives (unless you have an ancient system).
However it might help if you could include the actual agent/file and full CVE reference…

Thanks for the reply, @tom80H.

I am not sure the NAS is ‘ancient’, and the virus definitions are updated daily.

Hopefully you can see this screen grab, you should be able to zoom in hopefully.

Thanks for any help!

Googled the exploit. Someone else on Reddit is seeing this caught by their ClamAV, being downloaded by Lidarr for a Weezer album. The filename doesn’t seem to match yours, so maybe a false lead.

Looking up the exploit some more, I found some details on a similar-named exploit on the NVD:
https://nvd.nist.gov/vuln/detail/CVE-2017-16386

Looks like it’s a vulnerability in Adobe Reader that allows a buffer overflow due to its XPS2PDF converter. Not sure how an image file is triggering this. I’d chalk it up to a false positive, as a random sequence of bits in an unrelated file happens to look like the exploit for an Adobe vulnerability.

Thanks for looking it up, @Divideby0, it’s much appreciated.

Funnily enough, I did have Plex add my music library the day before this happened, which includes a whole load of Weezer albums. I actually changed my mind anyway, once I had a play around. I have Roon for music but was interested to compare.

Anyway, it sounds like I can get rid of the file without any consequences.
