Automatic Blacklist malware

I find myself frequently having to blacklist downloads because someone is uploading malware to various sites for usually next week’s episodes, so sonarr is downloading that as it’s not released yet. All these are large .lnk files which run some CMD command presumably to crypto lock the computer. Sonarr is correctly warning that there is no applicable video file, but it’d be great if it could automatically delete and blacklist that release too.

Getting a .ink file file actually coming through is a rare instance, just as rare as peeps creating bad video files. As for running anything ONLY if you actually explicitly click the item. If you’re on Windows or Apple you must have security software, software which would catch any .ink files and remove them.

EDIT:

Try going to Settings, Profiles, Release Profiles and create a new one to exclude .ink and see if that works. I just added .ink to the one I created for other words to exclude.

It’s lnk, lowercase L, and adding it in “must not contain” is pointless. That just looks at the release name and allows/blocks if it contains or doesn’t contain any of those words.
Probably better to keep an eye on the GHI here, which discusses mostly the same issue (different extension): Treat Downloads with Executable Files as Failed · Issue #7369 · Sonarr/Sonarr · GitHub

What also might help is set the minimum size sliders for all qualities to something you actually expect. At least they should never be set to 0. Even setting it to e.g. 50mb is plenty to filter out fake releases with a virus or other nefarious file of a few (mega)bytes.

1 Like

Ok that’s probably why I rarely see it cause my minimum is set to 450 mb for 42 minutes.