Webdevdata / webdevdata.org

Website for reports, etc.

Exploits in data #6

Closed nwtn closed 11 years ago

nwtn commented 11 years ago

I was just running ClamXav on my machine, and it identified a couple of the documents from webdevdata.org as having exploits.

data-dec2012/24article.com.html: JS.Trojan.Redir-16 FOUND
data-dec2012/drchatgyi.blogspot.co.uk: HTML.Exploit.CVE_2013_0028 FOUND

Because of the intended use of these documents, the risk is obviously extremely low. That said, it might be worth either scanning for and removing files like this before posting the data or including a warning with the download.

yoavweiss commented 11 years ago

Saving the files with a harmless extension (e.g. txt) may mitigate that (small) risk.

On Apr 25, 2013 10:38 PM, "David Newton" notifications@github.com wrote:

> I was just running ClamXav on my machine, and it identified a couple of the documents from webdevdata.org as having exploits.
>
> data-dec2012/24article.com.html: JS.Trojan.Redir-16 FOUND
> data-dec2012/drchatgyi.blogspot.co.uk: HTML.Exploit.CVE_2013_0028 FOUND
>
> Because of the intended use of these documents, the risk is obviously extremely low. That said, it might be worth either scanning for and removing files like this before posting the data or including a warning with the download.


nwtn commented 11 years ago

Love this idea

marcoscaceres commented 11 years ago

I agree. That seems like the most sensible thing to do because these files are for searching, not for opening. We should remove the dirty files when we find them too - and provide a warning to people not to open them in the browser, just to use them for greppin' or whatever.

yoavweiss commented 11 years ago

Should be fixed in https://github.com/yoavweiss/webdevdata.org/commit/33a7aaa439a26a797d20583973d993f3ca144937

nwtn commented 11 years ago

awesome
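The two mitigations discussed in this thread (pull scanner-flagged files out of the dataset, give everything else a harmless `.txt` extension), as an added example that is not the project's code and not the contents of the linked commit. The report format is taken from the two `FOUND` lines quoted in the issue; the function names, the quarantine directory (assumed to sit outside the dataset root) and the `.quarantined` suffix are assumptions.

```python
import re
import shutil
from pathlib import Path

# Scanner result line as quoted in the issue: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample report: the two lines from the issue plus one clean file.
SAMPLE_REPORT = """\
data-dec2012/24article.com.html: JS.Trojan.Redir-16 FOUND
data-dec2012/drchatgyi.blogspot.co.uk: HTML.Exploit.CVE_2013_0028 FOUND
data-dec2012/example.org.html: OK
"""

def parse_report(report):
    """Return {relative path: signature} for every line marked FOUND."""
    hits = {}
    for line in report.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits

def sanitize(root, report, quarantine):
    """Move flagged files out of root, then append .txt to every other file."""
    root, quarantine = Path(root).resolve(), Path(quarantine).resolve()
    quarantine.mkdir(parents=True, exist_ok=True)
    removed, renamed = [], []
    for rel, sig in parse_report(report).items():
        src = (root / rel).resolve()
        # Ignore report paths that escape the dataset root or no longer exist.
        if root not in src.parents or not src.is_file():
            continue
        flat = src.relative_to(root).as_posix().replace("/", "_")
        shutil.move(str(src), str(quarantine / (flat + ".quarantined")))
        removed.append((rel, sig))
    # Snapshot the file list first so renaming does not disturb the walk.
    for f in sorted(p for p in root.rglob("*") if p.is_file()):
        if f.suffix != ".txt":
            f.rename(f.with_name(f.name + ".txt"))
            renamed.append(f.relative_to(root).as_posix())
    return removed, renamed
```

Renaming only changes how a browser or file manager treats the file on double-click; the quarantined originals still need to be kept out of the published archive.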