On Fri, Nov 14, 2008 at 14:32, jehan procaccia
<jehan.procaccia_at_it-sudparis.eu> wrote:
> Well, I understand that it won't be an easy task .
> I like this one:
> "Can't you just svnlook cat -t each file?"
> if you have a complete command sample with a pipe to clamav , that would
> same me hours searching how to do it ;-) .
>
> The alternative of checking-out a dedicated Working Copy for scanning it
> with a windows antivirus and then commit back on the server repository only
> clean files seems ok to me, but what should I do with eventual infected
> files ? hopefully the antivirus would remove the virus from the infected
> file, and then I force a commit on it ? but how ? I have to do a small
> change in it so that it get a newer revision ?
You can't do this because the original commit hasn't completed yet at
that point. Your "clean" commit will sit forever waiting for the
infected commit to complete (remember, you're in pre-commit here)
I would suggest that you reject the commit altogether, and tell the
commiter "it appears you have a virus, fix it."
> Andy Levy a écrit :
>>
>> On Fri, Nov 14, 2008 at 13:19, Bob Archer <Bob.Archer_at_amsi.com> wrote:
>>
>>>
>>> Can't you create pre-commit scripts client side to do something like
>>> this?
>>>
>>
>> Depends on what "this" is.
>>
>> To scan the file contents before they go into the repository, you'd
>> have to maintain a WC on the server for the whole repository (or
>> perform a checkout or export) and apply the diff to that WC, then run
>> the virus scan & check the results.
>>
>>
>>>
>>> -----Original Message-----
>>> From: Andy Levy [mailto:andy.levy_at_gmail.com]
>>> Sent: Friday, November 14, 2008 1:14 PM
>>> To: jehan.procaccia_at_it-sudparis.eu
>>> Cc: users_at_subversion.tigris.org
>>> Subject: Re: scan repository for viruses
>>>
>>> On Fri, Nov 14, 2008 at 13:01, jehan procaccia
>>> <jehan.procaccia_at_it-sudparis.eu> wrote:
>>>
>>>>
>>>> hello,
>>>>
>>>> I know that some users commit files containing viruses :-(
>>>> how can I check/scan a svn repository for viruses before the they are
>>>>
>>>
>>> spread
>>>
>>>>
>>>> on all clients updating their local files ?
>>>>
>>>> I know that real files /revisions are located in db/revs subdir (ei
>>>> /svn/repos/Test-repo/db/revs), but then it's only index filenames ...
>>>> is their a way to scan a repository on the server ?
>>>>
>>>> PS: I use subversion-1.4.2-2.el5 on Centos 5.2 , btw, do you recommend
>>>>
>>>
>>> an
>>>
>>>>
>>>> anti-virus under linux ?
>>>>
>>>
>>> Even when whole versions of the files are stored, I believe they're
>>> stored compressed. You'll have to check out each revision of the
>>> repository and scan incrementally.
>>>
>>> But what will you do once you've found the files? Remove them with
>>> svnadmin dump/svndumpfilter/svnadmin load?
>>>
>>> Won't the antivirus on the desktops protect those desktops when they
>>> perform a checkout? How did these infected files even get into the
>>> repository in the first place? You may fix the problem "today" but
>>> unless measures are in place, you could find yourself back in this
>>> same position next week.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
>>> For additional commands, e-mail: users-help_at_subversion.tigris.org
>>>
>>>
>>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-11-14 20:44:26 CET