We got an automated notice from one of the big search engines that both
http://ftpmirror.your.org and
http://dumps.wikimedia.your.org were hosting some
unspecified malware. I've verified nothing on the mirror box itself is compromised
from the best I can tell, which leaves them being unhappy with something that we're
mirroring.

I've started ClamAV scanning the whole public volume, but that's going to take
quite a while (+20 million files, 80TB of data). The only thing it's complained about
so far is:
http://ftpmirror.your.org/pub/wikimedia/images/wiktionary/fj/c/c4/citibank-…
which was making the scanner crash. I don't see anything wrong with the file itself
though.

Is it possible someone could have uploaded something at one point that was malicious and
it's still floating around in the archives that got pushed to us?

-- Kevin