As far as I know, the chances are rather slim, because the MediaWiki software has a malware checker (I think).

Perhaps we shall see what outputs from the ClamAV checking, before we can know what is happening.

On Mon, Jul 2, 2012 at 10:13 AM, Kevin Day <kevin@your.org> wrote:

We got an automated notice from one of the big search engines that both http://ftpmirror.your.org and http://dumps.wikimedia.your.org were hosting some unspecified malware. I've verified nothing on the mirror box itself is compromised from the best I can tell, which leaves them being unhappy with something that we're mirroring.

I've started ClamAV scanning the whole public volume, but that's going to take quite a while (+20 million files, 80TB of data). The only thing it's complained about so far is:

http://ftpmirror.your.org/pub/wikimedia/images/wiktionary/fj/c/c4/citibank-car-loan.pdf

which was making the scanner crash. I don't see anything wrong with the file itself though.


Is it possible someone could have uploaded something at one point that was malicious and it's still floating around in the archives that got pushed to us?

-- Kevin


_______________________________________________
Xmldatadumps-l mailing list
Xmldatadumps-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/xmldatadumps-l



--
Regards,
Hydriz

We've created the greatest collection of shared knowledge in history. Help protect Wikipedia. Donate now: http://donate.wikimedia.org