As far as I know, the chances are rather slim, because the MediaWiki software has a malware checker (I think).
Perhaps we shall see what outputs from the ClamAV checking, before we can know what is happening.
On Mon, Jul 2, 2012 at 10:13 AM, Kevin Day kevin@your.org wrote:
We got an automated notice from one of the big search engines that both http://ftpmirror.your.org and http://dumps.wikimedia.your.org were hosting some unspecified malware. I've verified nothing on the mirror box itself is compromised from the best I can tell, which leaves them being unhappy with something that we're mirroring.
I've started ClamAV scanning the whole public volume, but that's going to take quite a while (+20 million files, 80TB of data). The only thing it's complained about so far is:
http://ftpmirror.your.org/pub/wikimedia/images/wiktionary/fj/c/c4/citibank-c...
which was making the scanner crash. I don't see anything wrong with the file itself though.
Is it possible someone could have uploaded something at one point that was malicious and it's still floating around in the archives that got pushed to us?
-- Kevin
Xmldatadumps-l mailing list Xmldatadumps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/xmldatadumps-l