I have Sonarr, Radarr, Gluetun and qBittorrent with Overseerr allowing my family to request movies and automatically download. I only have public indexers in Prowlarr (1337x, Kickass Torrents, etc.)
This NAS also has a lot of important data like photos and documents.
I am used to vetting my torrents pretty thoroughly before downloading but now it's all automatic.
What level of risk am I running with my data when downloading things in this manner? Is there a chance of malware getting onto my NAS? Ransomware? Is the risk pretty minimal?
On Linux/Unix you can make a partition's files non-executable.
Maybe you can mount in fstab a partition with the parameter NOEXEC:
The 'NOEXEC' option flag in the mount command does not allow the execution of executable binaries in the mounted file system [1]. However, when a script (a text file that begins with a she-bang line; i.e., a line that begins with #!) is given to some shells (bash), it will run the executable named on that line (e.g., /usr/bin/perl) and pass the path of the shell script as the first argument. The actual interpreter might not be on that mountpoint.
[1] The mount command typically mounts a file system. (Arguably, loop-back or bind mounts may be considered an exception to this generality.) In some cases (e.g., /tmp), this file system will contain only one directory.
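A way to check the suggestion above on a running box, as an added example that is not part of the original thread: it finds the mount entry that actually holds a path (longest matching mount point) and reports whether that entry carries the `noexec` option. The device names and `/srv/...` paths in the sample table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Print the option string of the mount that holds PATH.
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options dump pass
# (paths with spaces appear there as \040; this sketch assumes none).
mount_opts_for() {
    awk -v p="$2" '
        {
            mp = $2
            # A mount point applies if it is "/", equals the path,
            # or is a whole-directory prefix of it (so /srv/a does not match /srv/ab).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount stacked on the same point win.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "$1"
}

# Succeeds only if the mount holding PATH has noexec set.
has_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample mount table: only the download volume is noexec.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/downloads ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdc1 /srv/photos ext4 rw,relatime 0 0
EOF

for p in /srv/downloads/movies /srv/photos/2023 /srv/downloadsX; do
    if has_noexec "$SAMPLE_MOUNTS" "$p"; then
        echo "$p: noexec set (direct execution of files here is refused)"
    else
        echo "$p: noexec NOT set"
    fi
done
# As the reply notes, noexec does not cover a script handed to an
# interpreter that lives on another mount; it only blocks direct execution.
```

On a live system, pass `/proc/mounts` as the first argument and the download directory as the second.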