
AW: Content scanning during checkout/update

From: Toplak Daniel <D.Toplak_at_cadenas.de>
Date: Tue, 19 Jul 2011 19:11:29 +0200

Ryan, as you mention, the svnhookdispatcher fake does not block the checkout, so the malicious content is delivered to the client, which I want to avoid.

The scanning on commit is only half of the security; as you wrote, at the time of the commit the malicious content could not be detected by the heuristics of the scanning process (e.g. the signature is unknown).

My approach via the mod_clamav output filter blocks the content from being delivered to the client and breaks the checkout/update with an HTTP status 500 and information in the HTTP status line.
But this only works when "SVNAllowBulkUpdates off" is set in the server settings, which leads to slow performance.

Regards.
Daniel Toplak

-----Original Message-----
From: Ryan Schmidt [mailto:subversion-2011a_at_ryandesign.com]
Sent: Tuesday, 19 July 2011 19:03
To: Toplak Daniel
Cc: users_at_subversion.apache.org
Subject: Re: Content scanning during checkout/update

On Jul 19, 2011, at 07:06, Toplak Daniel wrote:

> I want to implement server-side scanning for malicious content in both ways: when commits arrive and when checkouts/updates are sent to the client.
> The first way is running fine via a pre-commit hook which extracts the content from the transaction and scans the content with clamav.
>
> My problem is to get the 2nd thing working.

Right, that's more difficult since Subversion doesn't have a pre- or post-checkout or -update hook.

I wrote a script to help you fake it, if you're serving the repository using Apache:

http://www.ryandesign.com/svnhookdispatcher/

This wouldn't prevent someone from checking out or updating, but would give you a chance to run a script on the server when they do. If the script finds something it needs to alert the user about, it could do so using external means, like by sending them an email or an instant message.

But why is it that you want to scan not only at commit time but also at checkout/update time? If you scan files for malicious content at commit, isn't that enough? Once you've verified the commit is clean, it'll stay clean; revisions can't be modified later. Or are you worried that someone commits some new malware that's not yet identified by your scanning software, and you want to scan it again later with updated versions of the scanning software?
Received on 2011-07-19 19:12:09 CEST

This is an archived mail posted to the Subversion Users mailing list.
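The commit-time half of the setup Daniel describes (a pre-commit hook that pulls each changed file out of the transaction and hands it to clamav) can be written as below. This is an added example, not Daniel's hook or any Subversion project code; it assumes `svnlook` and `clamscan` are on PATH and uses only their documented interfaces (`svnlook changed -t`, `svnlook cat -t`, `clamscan -` reading stdin, and clamscan's 0/1/2 exit statuses). The sample `svnlook changed` output is constructed for illustration. Note that it fails closed: a scanner error rejects the commit just as an infected file does, which matches the point in the thread that a scan that cannot run gives no assurance.

```python
#!/usr/bin/env python3
"""Pre-commit hook: scan every file added or modified in a transaction with clamscan.

Added example for the approach described in the thread; not the poster's own hook.
Subversion invokes pre-commit hooks as:  pre-commit REPOS TXN-NAME
Assumes svnlook and clamscan are on PATH (or passed in explicitly).
"""
import subprocess
import sys

# Exit statuses documented in clamscan(1).
CLAMSCAN_CLEAN = 0
CLAMSCAN_INFECTED = 1
CLAMSCAN_ERROR = 2

# Constructed sample of `svnlook changed -t TXN REPOS` output, for illustration only.
SAMPLE_CHANGED = """\
A   trunk/build.sh
U   trunk/README
D   trunk/old.txt
A   trunk/newdir/
_U  trunk/propchanged.txt
UU  trunk/both.txt
"""


def parse_svnlook_changed(output):
    """Return the paths whose *content* is new or modified in the transaction.

    `svnlook changed` prints one line per path: a two-character status
    (content status, then property status) followed by the path. Directories
    end in '/'. Deletions and property-only changes ('_U') carry no new file
    content, so there is nothing to hand to the scanner.
    """
    to_scan = []
    for line in output.splitlines():
        if not line.strip():
            continue
        status, path = line.split(None, 1)
        if status[0] in ("A", "U") and not path.endswith("/"):
            to_scan.append(path)
    return to_scan


def verdict_from_exit_code(code):
    """Map a clamscan exit status to a hook decision.

    Anything other than a clean verdict, scanner errors included, is treated as a
    reason to reject the commit (fail closed).
    """
    if code == CLAMSCAN_CLEAN:
        return "clean"
    if code == CLAMSCAN_INFECTED:
        return "infected"
    return "error"


def scan_path(repo, txn, path, svnlook="svnlook", clamscan="clamscan"):
    """Stream one file out of the transaction into clamscan's stdin.

    Returns (verdict, scanner_output). Nothing is written to disk on the server.
    """
    content = subprocess.run(
        [svnlook, "cat", "-t", txn, repo, path],
        stdout=subprocess.PIPE, check=True,
    ).stdout
    result = subprocess.run(
        [clamscan, "--no-summary", "-"],  # '-' makes clamscan read standard input
        input=content, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
    )
    return verdict_from_exit_code(result.returncode), result.stdout.decode(errors="replace")


def check_transaction(repo, txn, svnlook="svnlook", clamscan="clamscan"):
    """Return a list of (path, verdict, detail) for every changed path that is not clean."""
    changed = subprocess.run(
        [svnlook, "changed", "-t", txn, repo],
        stdout=subprocess.PIPE, check=True,
    ).stdout.decode()
    problems = []
    for path in parse_svnlook_changed(changed):
        verdict, detail = scan_path(repo, txn, path, svnlook, clamscan)
        if verdict != "clean":
            problems.append((path, verdict, detail.strip()))
    return problems


def main(argv):
    if len(argv) != 3:
        sys.stderr.write("usage: pre-commit REPOS TXN\n")
        return 2
    problems = check_transaction(argv[1], argv[2])
    for path, verdict, detail in problems:
        # Whatever the hook writes to stderr is shown to the committing client.
        sys.stderr.write(f"{path}: {verdict}: {detail}\n")
    # A non-zero exit aborts the commit and discards the transaction.
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Install it as `hooks/pre-commit` in the repository (executable, owned by the user the server runs as). Because the file content is streamed to `clamscan` over stdin, nothing from an untrusted transaction is materialised on the server's filesystem, and because the hook rejects on scanner error as well as on a detection, an outdated or crashed scanner cannot silently wave a commit through.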