On 11/07/12 23:50, Kevin Day wrote: > > My final list of possibly naughty things uploaded. I know some of these are > pretty harmless (html being appended to jpegs), and most are just encrypted > RARs appended to images or encrypted PDF files. I don't know if there's a > policy on barring encrypted files but I can't really think of a good reason > to have them anywhere in commons. >
> [Found exploit] <CVE-2009-0658 (not disinfectable)> > /z/public/pub/wikimedia/images/wikisource/ar/7/7d/الحراب_في_صدر_البهاء_والباب.pdf > [Found exploit] <CVE-2009-0658 (not disinfectable)> > /z/public/pub/wikimedia/images/wikisource/ar/b/be/السنة_لابن_حنبل.pdf Already checked. IPhone31-* and IPod41-* files, plus Ifaithipsw.jpg and Snowbreeze295.jpg were all uploaded by IcisTececoy user. (all but one were already deleted). I have just banned him. > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/c/c4/Test1.rar.jpg->(appended) Uploaded by Danielito132, which seems a puppet of IcisTececoy. Also note by this user Test2.part01.rar.jpg, Test2.part02.rar.jpg, Thus_contumely.jpg, IThus_contumely.jpg all of them with embedded rar files. Deleted and blocked. > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/0/0d/PAY_SLIP_078322_Aug_2011_Tony.pdf->OBJ001 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/f/fb/PAY_SLIP_078470_Aug_2011.pdf->OBJ001 Already deleted. Both by the same user. > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/0/0e/11013739714-ASKxxxxx0M-G4_ITR-V.pdf->OBJ001 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/0/0a/ICICI_MAY2011.pdf->OBJ001 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/c/c7/HDFC_BANK-_310711_(1).pdf->OBJ001 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/c/cc/Ch1A.pdf->OBJ001 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/f/f5/Ch3Q.pdf->OBJ001 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/d/d3/Dev26.pdf->OBJ001 Short-lived files uploaded by an admin "This upload is part of a speed and endurance test for an application and bot platform I've been developing." > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/c/cb/احراز_هويت_مشتریان_در_خدمات_بانک_ملت.pdf->OBJ001 Deleted > [Found exploit] <IFrame.gen (exact, not disinfectable)> > /z/public/pub/wikimedia/images/wikipedia/commons/c/c2/Votantes-1924.jpg->(appended) Already deleted. Looks like the hosting iframe. > [Found exploit] <IFrame.gen (exact, not disinfectable)> > /z/public/pub/wikimedia/images/wikipedia/commons/c/ce/Silvana_Suárez_6.jpg->(appended) > [Found exploit] <IFrame.gen (exact, not disinfectable)> > /z/public/pub/wikimedia/images/wikipedia/commons/7/7c/Silvana_Suárez_7.jpg->(appended) More instances of the web-hosting iframe. The AV is being a bit paranoid here. > [Found exploit] <HTML/IFrame (exact, not disinfectable)> > /z/public/pub/wikimedia/images/wikipedia/commons/f/f8/Old_Jinan_Station_04.jpg->(appended) A slightly different iframe here. > /z/public/pub/wikimedia/images/wikipedia/commons/0/0a/Joseon-Kang_Huian-Gosagwansudo.jpg: > HTML.Spy.IMG-1 FOUND > /z/public/pub/wikimedia/images/wikipedia/commons/c/c0/The_Qing_Dynasty_Cixi_Imperial_Dowager_Empress_of_China_On_Throne_5.JPG: > HTML.Spy.IMG-1 FOUND More web-hosting iframes. > [Found exploit] <CVE-2004-0200 (not disinfectable)> > /z/public/pub/wikimedia/images/wikipedia/commons/9/9d/Exploit-MS04-028.proof.jpg MS04-028 proof of code. Not sure why it was uploaded... > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/9/9b/VADOFONE_DEC.pdf->OBJ001 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/d/d7/Citibank_Account_Statement-20110501_TO_20110705.pdf->OBJ001 By the same user. Deleted. > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/4/49/ICICI_JUN2011.pdf->OBJ001 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/f/fd/ICICI_JUL2011.pdf->OBJ001 By the same user. Deleted. > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/9/9a/Farsinameh-Final_Draft.pdf->OBJ002 > [Unscannable] <File is encrypted> > /z/public/pub/wikimedia/images/wikipedia/commons/f/f9/Farsinameh-abridged_English_version.pdf->OBJ002 These don't seem to be encrypted. They are displayed fine. _______________________________________________ Xmldatadumps-l mailing list Xmldatadumps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/xmldatadumps-l
