[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Question about anti-virus software and SVN

From: Lübbe Onken | RA Consulting <l.onken_at_rac.de>
Date: Tue, 29 Jan 2008 09:19:49 +0100

Hi Lee Gillam,

You wrote:

> Q - What will happen to the integrity of the SVN repository if the
> following happens, and we need to revert to a previous version of a
> file:
>
> Scenario 1 - A desktop machine has an infected file, the anti-virus
> software deletes or quarantines the file, and the folder is
> "committed" to SVN?

If the file was not under subversion control, nothing happens in the repository.
If the file was under subversion control, the client will restore the file from the repository during the next update, because it wasn't deleted using subversion commands. Subversion finds it "missing from the working copy". The file may then be infected or not, depending on its state in the repository.

> Scenario 2 - the server which holds the SVN repository, has
> an infected
> file, the anti-virus software deletes or quarantines the file, and a
> desktop user trys to recover the file to their desktop?

When the file is deleted from the repository "behind the scenes" by an AV software, your repository is broken afterwards. If you're lucky you can fix it manually. If not, you're done...

The question of trying to recover the file to the desktop doesn't arise anymore in this case. Don't allow any AV to touch your repositories. Never! Jamais! Jamás! Niemals!

> Q - So, is our virus software (AVG in this case), a potential
> hazard/risk to the operation of SVN and the integrity of our data?

On the client side, many virus scanners cause write access errors, because they lock files for scanning while subversion is still working on them. You can have a lot problems with them.

> Is
> there something we can do within our software, or is their an
> alternate Anti-virus software that you recommend?

I strongly recommend no AV on the repository.

I am using the following two virus scanners on the client PC without problems for >2 years now.
At work: CA eTrust
At home: NOD32
Other people may report different things though. I had false positives with CA eTrust on some dlls.

Cheers
- Lübbe

--
       ___
  oo  // \\      "De Chelonian Mobile"
 (_,\/ \_/ \     TortoiseSVN
   \ \_/_\_/>    The coolest Interface to (Sub)Version Control
   /_/   \_\     http://tortoisesvn.net
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-01-29 09:21:24 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.