On Fri, Nov 14, 2008 at 01:14:17PM -0500, Andy Levy wrote:
> On Fri, Nov 14, 2008 at 13:01, jehan procaccia
> <jehan.procaccia_at_it-sudparis.eu> wrote:
> > hello,
> >
> > I know that some users commit files containing viruses :-(
> > how can I check/scan a svn repository for viruses before the they are spread
> > on all clients updating their local files ?
> >
> > I know that real files /revisions are located in db/revs subdir (ei
> > /svn/repos/Test-repo/db/revs), but then it's only index filenames ...
> > is their a way to scan a repository on the server ?
> >
> > PS: I use subversion-1.4.2-2.el5 on Centos 5.2 , btw, do you recommend an
> > anti-virus under linux ?
>
> Even when whole versions of the files are stored, I believe they're
> stored compressed. You'll have to check out each revision of the
> repository and scan incrementally.
>
> But what will you do once you've found the files? Remove them with
> svnadmin dump/svndumpfilter/svnadmin load?
I guess being alerted of that fact that something nasty has entered
the repository is what is desired. Implementing an automated fix
should be pretty much impossible. Scheduling a task in a post-commit
hook which causes the server to scan a working copy of the whole repo
for viruses and sends email when something is found is probably as
good as you can get wrt automation.
> How did these infected files even get into the
> repository in the first place? You may fix the problem "today" but
> unless measures are in place, you could find yourself back in this
> same position next week.
Yes. The real solution to the problem is educating users (which
is sometimes easier said than done...)
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-11-14 20:16:13 CET