We got an automated notice from one of the big search engines that both http://ftpmirror.your.org and http://dumps.wikimedia.your.org were hosting some unspecified malware. I've verified that nothing on the mirror box itself is compromised, as best I can tell, which leaves them being unhappy with something that we're mirroring.
I've started ClamAV scanning the whole public volume, but that's going to take quite a while (20+ million files, 80 TB of data). The only thing it's complained about so far is:
http://ftpmirror.your.org/pub/wikimedia/images/wiktionary/fj/c/c4/citibank-c...
which was making the scanner crash. I don't see anything wrong with the file itself though.
Is it possible someone could have uploaded something at one point that was malicious and it's still floating around in the archives that got pushed to us?
-- Kevin