Wannacry/CryptoLock protection? :)

So, I’m sure you all know what spawned this thought. :)

I run a periodic rclone job from my NAS to ACD, giving me both Cloud backup and mobile access to my photos and docs. I’ve always wondered how I might be able to keep this running in a regular, automated way, but also avoid syncing a load of encrypted/locked files up (over-writing my backup) if I was hit by a ransomware malware attack.

Thought occurred to me that it might be possible to put some validation into the rclone sync process so that known file types (jpeg/png/tiff/etc) are checked for validity as the copy is processed - and if (for example) a .jpg file isn’t readable as a valid JPEG, it’ll be skipped. That way, rclone would avoid uploading corrupt/encrypted files and trashing my backup.

I suspect currently it would only be feasible for images/photos (and maybe video). Doing the same for other file types would be long and unwieldy (e.g., checking a valid Word doc is uber-complex). But the major proportion of my backup is the 200,000-odd photos I and my wife have taken over the last 10 years, so it would be a great safety net.

Obviously, this wouldn’t work for people who intentionally encrypt when they back up, but for those of us that don’t…

Thoughts? Am I being insane? :)


If you are worried about syncing corrupted files to your backup, you can always add a local check to whatever script is called to do the backup. For example, you can run file -ib <file> and parse the MIME output to ensure that a file with a JPG extension contains JPEG data.


Right, but I have 200,000 image files, totalling 2TB. So it would be more efficient if the sync job did it as it reads the file, rather than having to pre-process first. :)

I had exactly the same concern, but since the last version, I use --backup-dir & --suffix. That way, the old files will be moved instead of overwritten.

Still doubting however what’s the best way to set these parameters to be able to restore easily (2 use cases: 1/ large amount of data 2/ small amount of data)
Right now my settings: --backup-dir is a fixed directory; --suffix is the current date…
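
An added example, not code from any poster in this thread or from rclone itself: a pre-sync guard that combines the header check suggested above with the `--backup-dir`/`--suffix` settings from the last reply. It reads only the first 8 bytes of each image instead of calling `file`, refuses to build a sync command when too many files fail, and otherwise excludes the failing files. The function names, the 1% threshold, the remote names and the paths are assumptions.

```python
import os
import re

# Leading signature bytes per extension: the same evidence `file` reports as a MIME type.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".tif": (b"II*\x00", b"MM\x00*"), ".tiff": (b"II*\x00", b"MM\x00*"),
}

def find_mismatches(root):
    """Return (checked, bad): number of known-type files seen and the
    root-relative paths whose first bytes do not match their extension."""
    checked, bad = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            sigs = MAGIC.get(os.path.splitext(name)[1].lower())
            if sigs is None:
                continue  # extension not in the table: not judged here
            checked += 1
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(8)  # 8 bytes per file, not the whole image
            if not head.startswith(sigs):  # empty or truncated files fail too
                bad.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return checked, sorted(bad)

def plan_sync(root, dest, backup_dir, suffix, max_bad_ratio=0.01):
    """Build the rclone argv, or return None to refuse the run."""
    checked, bad = find_mismatches(root)
    if checked and len(bad) / checked > max_bad_ratio:
        return None  # mass mismatch: leave the remote copy alone
    cmd = ["rclone", "sync", root, dest,
           "--backup-dir", backup_dir, "--suffix", suffix]
    for rel in bad:
        # Anchor at the source root and escape rclone glob characters.
        cmd += ["--exclude", "/" + re.sub(r"([*?\[\]{}\\])", r"\\\1", rel)]
    return cmd

if __name__ == "__main__":
    # Constructed remote names and paths; substitute your own.
    print(plan_sync("/volume1/photos", "remote:photos",
                    "remote:photos-old", ".2017-05-15"))
```

Excluded files are left untouched on the destination unless `--delete-excluded` is also passed, so the previously uploaded copy stays in place. Files renamed to an extension outside the table are not judged by this check; for those, `--backup-dir` is what keeps the earlier version.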