On Mon, Mar 11, 2013 at 11:02 AM, Kevin Day kevin@your.org wrote:
We've once again been notified that our mirror of the Wikimedia images is "hosting malware". A quick check appears to mostly be more newly uploaded PDFs with one or more exploits in them, but there are also a few other media types that seem to be similarly damaged.
I'm personally okay with ignoring it; it's not hurting us any, but ideally I'd like to see things like this get removed. Many of the infected PDFs appear to be Arabic language documents that would be of interest to people critical of their government, so the implications of what's going on here are probably bigger than just random viruses getting added to files.
I'm happy to scan everything again and post a list of things. I'm also willing to automate this if it would help (periodic scans and uploading a list of all questionable images to a wiki page somewhere?) Anyone have any suggestions on what to do here?
Kevin, dealing with the current issue, the list you provided last time was helpful so that admins could go through and delete the files. If you're able to generate that again, I think it would help.
For the longer-term issue, the WMF is not currently scanning uploads with a virus scanner, because of the performance and false positive rates. It would be great if we could get a bot to scan and flag files, so we can shorten the time to removing them.