On Jul 1, 2012, at 10:13 PM, Hydriz Wikipedia wrote:
As far as I know, the chances are rather slim, because the MediaWiki software has a malware checker (I think).
Perhaps we shall see what outputs from the ClamAV checking, before we can know what is happening.
I've been having a lot of problems with ClamAV crashing, so I've temporarily switched to F-Prot which *did* find something wrong with the earlier mentioned file, as well as two others:
[Found trojan] <JS/Redir.HY (exact, not disinfectable)> /z/public/pub/wikimedia/images/wiktionary/fj/c/c4/citibank-car-loan.pdf [Found exploit] <CVE-2009-0658 (not disinfectable)> /z/public/pub/wikimedia/images/wikisource/ar/7/7d/الحراب_في_صدر_البهاء_والباب.pdf [Found exploit] <CVE-2009-0658 (not disinfectable)> /z/public/pub/wikimedia/images/wikisource/ar/b/be/السنة_لابن_حنبل.pdf
At the rate it's going, it's going to take several days to finish, even with several running in parallel. I'll let it finish, but it's looking like at minimum there are some old PDFs that have some exploit code in them.
-- Kevin