On 11/07/12 23:50, Kevin Day wrote:
>
> My final list of possibly naughty things uploaded. I know some of these are
> pretty harmless (html being appended to jpegs), and most are just encrypted
> RARs appended to images or encrypted PDF files. I don't know if there's a
> policy on barring encry
My final list of possibly naughty things uploaded. I know some of these are
pretty harmless (html being appended to jpegs), and most are just encrypted
RARs appended to images or encrypted PDF files. I don't know if there's a
policy on barring encrypted files but I can't really think of a good
On 03/07/12 18:47, Kevin Day wrote:
> Even temporarily forgetting about the complexity of scanning PDFs, there's a
> lot of weirdness in a lot of files that even ClamAV doesn't find. For
> example: (replacing < and > with [ and ] so this doesn't trigger anyone's
> mail spam filters)
>
> strings
On Jul 2, 2012, at 4:14 PM, Platonides wrote:
>> On Jul 1, 2012, at 10:13 PM, Hydriz Wikipedia wrote:
>>
>>> As far as I know, the chances are rather slim, because the MediaWiki
>>> software has a malware checker (I think).
>>>
>>> Perhaps we shall see what outputs from the ClamAV checking, be
> On Jul 1, 2012, at 10:13 PM, Hydriz Wikipedia wrote:
>
>> As far as I know, the chances are rather slim, because the MediaWiki
>> software has a malware checker (I think).
>>
>> Perhaps we shall see what outputs from the ClamAV checking, before we can
>> know what is happening.
MediaWiki supp
Kevin Day, 02/07/2012 05:27:
[Found trojan]
/z/public/pub/wikimedia/images/wiktionary/fj/c/c4/citibank-car-loan.pdf
[Found exploit]
/z/public/pub/wikimedia/images/wikisource/ar/7/7d/الحراب_في_صدر_البهاء_والباب.pdf
[Found exploit]
/z/public/pub/wikimedia/images/wikisource
On Jul 1, 2012, at 10:13 PM, Hydriz Wikipedia wrote:
> As far as I know, the chances are rather slim, because the MediaWiki software
> has a malware checker (I think).
>
> Perhaps we shall see what outputs from the ClamAV checking, before we can
> know what is happening.
I've been having a lo
As far as I know, the chances are rather slim, because the MediaWiki
software has a malware checker (I think).
Perhaps we shall see what outputs from the ClamAV checking, before we can
know what is happening.
On Mon, Jul 2, 2012 at 10:13 AM, Kevin Day wrote:
>
> We got an automated notice from
We got an automated notice from one of the big search engines that both
http://ftpmirror.your.org and http://dumps.wikimedia.your.org were hosting some
unspecified malware. I've verified nothing on the mirror box itself is
compromised from the best I can tell, which leaves them being unhappy wi