I can answer this and provide an update to my pursuits over the last few days as well.
I mounted the NAS drives to my MacBook and ran Avira (I beta test for Avira and used their recent beta update app) to scan the network shares. That found two general items in what appeared to be the timemachine shares. Unfortunately the descriptions were very general and not specific to what malware if any they were. I believe one was classified as a vulnerability and other a potential malware. Either way Avira quarantined them and I reviewed and deleted both.
I then downloaded BitDefender for Mac's Friday night and ran that. Initially it was taking well over 12-14 hours so Saturday I redid the scan to just scan the shares other than timemachines and will redo the timemachine ones one at a time to see if that speeds the scans up. I also had FTP on and had port 2020 forwarding to the internal FTP port. i just turned that on mid last week as I was trying to get into it via FTP to see if I could tool around and check the folders/etc but that seems locked down. Beyond that I had a port forward setup for 8082 externally to route to internal port 80 on the device to remote login. I have a 15+ character password for admin that uses numbers, letters, caps, and symbols and would be difficult to crack. It's not reused outside of my internal devices. I also tried my hand at ACP Commander (Yes I know it voids the warranty but the device is many years old) to try and get into a SSH setup to see if I can see more logging or things that look off, but when I ran the original dmg file it said the file was broken and I couldn't get it to run (I have Mojave GM on my macbook and I think it was blocking the file from running) and ensure java was installed correctly. When I ran the .jar file it would open but not locate my NAS automatically and I couldn't figure out how to fix that.
I've not seen an alert like the ones that started this in the last two days (but there was one after the Avira scan and findings).
As for options I think you mean like web services or network services right? So right now only webaccess is on and the ports associated with them are open via UPnP (6881 UDP, 34006 TCP, and 6881 TCP). I have the email for alerts turned on and get a Linkstation report email to me every morning at 12am EST but it doesn't provide access logs, outbound logs etc. It simply says that it's running, what the size is for each share, how much use on each, and percentage of use etc. I had tooled around with the other options before but they were all off when I was going through the device trying to figure this out.
Really would be nice to have some logging option to turn on for stuff like this. Hopefully someone from Buffalo is reading this and can put a bug in a dev's ear for a firmware update to provide this under "advanced" settings tab or something.