On Jul 1, 2012, at 10:13 PM, Hydriz Wikipedia wrote:
As far as I know, the chances are rather slim, because
the MediaWiki software has a malware checker (I think).
Perhaps we shall see what outputs from the ClamAV checking, before we can know what is
happening.
I've been having a lot of problems with ClamAV crashing, so I've temporarily
switched to F-Prot which *did* find something wrong with the earlier mentioned file, as
well as two others:
[Found trojan] <JS/Redir.HY (exact, not disinfectable)>
/z/public/pub/wikimedia/images/wiktionary/fj/c/c4/citibank-car-loan.pdf
[Found exploit] <CVE-2009-0658 (not disinfectable)>
/z/public/pub/wikimedia/images/wikisource/ar/7/7d/الحراب_في_صدر_البهاء_والباب.pdf
[Found exploit] <CVE-2009-0658 (not disinfectable)>
/z/public/pub/wikimedia/images/wikisource/ar/b/be/السنة_لابن_حنبل.pdf
At the rate it's going, it's going to take several days to finish, even with
several running in parallel. I'll let it finish, but it's looking like at minimum
there are some old PDFs that have some exploit code in them.
-- Kevin