Re: Content scanning during checkout/update
From: Toplak Daniel <D.Toplak_at_cadenas.de>
Date: Tue, 19 Jul 2011 19:11:29 +0200
Ryan, as you mention, the svnhookdispatcher fake does not block the checkout, so the malicious content is delivered to the client, which I want to avoid.
The scanning on commit is only half of the security; as you wrote, at the time of the commit the malicious content could not be detected by the heuristics of the scanning process (e.g. the signature is unknown).
My approach via the mod_clamav output filter blocks the content from being delivered to the client and breaks the checkout/update with an HTTP status 500 and information in the HTTP status line.
> On Jul 19, 2011, at 07:06, Toplak Daniel wrote:
>> I want to implement server-side scanning for malicious content in both directions: when commits arrive and when checkouts/updates are sent to the client.
> Right, that's more difficult since Subversion doesn't have a pre- or post-checkout or -update hook.
> I wrote a script to help you fake it, if you're serving the repository using Apache:
> This wouldn't prevent someone from checking out or updating, but would give you a chance to run a script on the server when they do. If the script finds something it needs to alert the user about, it could do so using external means, like by sending them an email or an instant message.
> But why is it that you want to scan not only at commit time but also at checkout/update time? If you scan files for malicious content at commit, isn't that enough? Once you've verified the commit is clean, it'll stay clean; revisions can't be modified later. Or are you worried that someone commits some new malware that's not yet identified by your scanning software, and you want to scan it again later with updated versions of the scanning software?
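The commit-time half of the setup discussed in this thread, as an added example that is not code from the list, from Subversion or from mod_clamav: a pre-commit hook that pipes every file whose content changes in the pending transaction through clamscan and rejects the commit on a hit or on a scanner error (the delivery-side output filter returning HTTP 500 is not shown). It assumes svnlook and clamscan are on PATH and that Subversion calls the hook as "pre-commit REPOS TXN-NAME"; SCANNER is a hypothetical override variable so another scanner command can be substituted for testing.

```shell
#!/bin/sh
# Subversion pre-commit hook: scan every file whose content is added or
# updated in the pending transaction with ClamAV and reject the commit if
# anything is flagged. Added example for this thread; not code from the
# list, from Subversion or from mod_clamav.
# Assumptions: svnlook and clamscan are on PATH, and Subversion invokes
# the hook as "pre-commit REPOS TXN-NAME". SCANNER is a hypothetical
# override so a different scanner command can be substituted for testing.
SCANNER="${SCANNER:-clamscan --no-summary --infected -}"   # "-" scans stdin

# scan_stream: pipe stdin through the scanner. Mirrors clamscan's exit
# codes: 0 clean, 1 infected, 2 scanner error (including a missing binary).
scan_stream() {
    if $SCANNER >/dev/null 2>&1; then
        return 0
    else
        rc=$?
        [ "$rc" -eq 1 ] && return 1
        return 2
    fi
}

# content_paths: reduce "svnlook changed" output (read on stdin) to paths
# whose content changed ("A", "U", "UU"). Deletions ("D"), property-only
# changes ("_U") and directories (trailing "/") are skipped.
content_paths() {
    grep '^[AU]' | grep -v '/$' | sed 's/^[^ ]* *//'
}

# scan_txn: scan each content change in transaction $2 of repository $1.
# Offending paths go to stderr, which svn relays to the committing client.
# Returns non-zero (rejecting the commit) if anything was flagged or the
# scanner failed, so an unscannable file is never accepted by default.
scan_txn() {
    repos="$1"; txn="$2"
    hits=$(svnlook changed -t "$txn" "$repos" | content_paths |
        while IFS= read -r path; do
            svnlook cat -t "$txn" "$repos" "$path" | scan_stream
            case $? in
                0) ;;
                1) echo "pre-commit: $path rejected by malware scanner" >&2; echo hit ;;
                *) echo "pre-commit: scanner error on $path, refusing commit" >&2; echo hit ;;
            esac
        done | wc -l)
    [ "$hits" -eq 0 ]
}

# Hook entry point (skipped when the functions are sourced for testing).
if [ "$#" -eq 2 ]; then
    scan_txn "$1" "$2" || exit 1
    exit 0
fi
```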
This is an archived mail posted to the Subversion Users mailing list.