[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: scan repository for viruses

From: jehan procaccia <jehan.procaccia_at_it-sudparis.eu>
Date: Tue, 18 Nov 2008 09:02:15 +0100

jehan procaccia wrote:
> Well, I understand that it won't be an easy task .
> I like this one:
> "Can't you just svnlook cat -t each file?"
> if you have a complete command sample with a pipe to clamav , that
> would same me hours searching how to do it ;-) .
Ok, it took me a certain time (mostly with svnlook rather than clamav
...), but I finnaly get it ;-)
"svnlook cat each files and pipe the output to clamav antivirus"
exemple:
[root_at_svnserver /data2/svn/repos/test4/db]
$ svnlook cat /data2/svn/repos/test4 "New Document Microsoft Office
Word.docx" | clamscan -

Now I'll try to figure out how to write a script that gets a list of all
files in the repository (possibly "svnlook tree") to feed "svnlook cat"
in the first place .

Thanks for the advice .
>
> The alternative of checking-out a dedicated Working Copy for scanning
> it with a windows antivirus and then commit back on the server
> repository only clean files seems ok to me, but what should I do with
> eventual infected files ? hopefully the antivirus would remove the
> virus from the infected file, and then I force a commit on it ? but
> how ? I have to do a small change in it so that it get a newer revision ?
>
> Thanks .
>
> Andy Levy a écrit :
>> On Fri, Nov 14, 2008 at 13:19, Bob Archer <Bob.Archer_at_amsi.com> wrote:
>>
>>> Can't you create pre-commit scripts client side to do something like
>>> this?
>>>
>>
>> Depends on what "this" is.
>>
>> To scan the file contents before they go into the repository, you'd
>> have to maintain a WC on the server for the whole repository (or
>> perform a checkout or export) and apply the diff to that WC, then run
>> the virus scan & check the results.
>>
>>
>>> -----Original Message-----
>>> From: Andy Levy [mailto:andy.levy_at_gmail.com]
>>> Sent: Friday, November 14, 2008 1:14 PM
>>> To: jehan.procaccia_at_it-sudparis.eu
>>> Cc: users_at_subversion.tigris.org
>>> Subject: Re: scan repository for viruses
>>>
>>> On Fri, Nov 14, 2008 at 13:01, jehan procaccia
>>> <jehan.procaccia_at_it-sudparis.eu> wrote:
>>>
>>>> hello,
>>>>
>>>> I know that some users commit files containing viruses :-(
>>>> how can I check/scan a svn repository for viruses before the they are
>>>>
>>> spread
>>>
>>>> on all clients updating their local files ?
>>>>
>>>> I know that real files /revisions are located in db/revs subdir (ei
>>>> /svn/repos/Test-repo/db/revs), but then it's only index filenames ...
>>>> is their a way to scan a repository on the server ?
>>>>
>>>> PS: I use subversion-1.4.2-2.el5 on Centos 5.2 , btw, do you recommend
>>>>
>>> an
>>>
>>>> anti-virus under linux ?
>>>>
>>> Even when whole versions of the files are stored, I believe they're
>>> stored compressed. You'll have to check out each revision of the
>>> repository and scan incrementally.
>>>
>>> But what will you do once you've found the files? Remove them with
>>> svnadmin dump/svndumpfilter/svnadmin load?
>>>
>>> Won't the antivirus on the desktops protect those desktops when they
>>> perform a checkout? How did these infected files even get into the
>>> repository in the first place? You may fix the problem "today" but
>>> unless measures are in place, you could find yourself back in this
>>> same position next week.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
>>> For additional commands, e-mail: users-help_at_subversion.tigris.org
>>>
>>>
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: users-help_at_subversion.tigris.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-11-18 09:03:02 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.