
Re: Content scanning during checkout/update

From: Mark Phippard <markphip_at_gmail.com>
Date: Tue, 19 Jul 2011 13:15:45 -0400

On Tue, Jul 19, 2011 at 8:06 AM, Toplak Daniel <D.Toplak_at_cadenas.de> wrote:

> I want to implement a server side scanning for malicious content in both
> ways: when commits arrive and when checkouts/updates are sent to the client.
>
> The first way is running fine via a pre-commit hook which extracts the
> content from the transaction and scans the content with clamav.
>
> My problem is to get the 2nd thing working.
>
> I have a running version with mod_clamav (
> http://software.othello.ch/mod_clamav/) as an apache output filter, but
> this works only if I turn off the bulk updates with “SVNAllowBulkUpdates off”
> in the apache config.
>
> Disadvantage of this solution is that the checkouts/updates are extremely
> slow due to the “SVNAllowBulkUpdates off”
>
> If I omit this setting (which is the default) then the checkouts/updates
> are fast, but the scanning is no longer working.
>
> Does anyone have a good idea to solve this problem?
>

You can configure your clients to use ra_serf. Serf natively uses the
technique that this directive turns on for Neon, except that Serf is
designed for this approach and uses modern techniques to make it perform
acceptably. Specifically it opens multiple connections to the server and
also uses pipelining.

Add http-library = serf to the end of your servers file on each client to do
this.

Unfortunately, with SVN 1.6 serf is not as stable as Neon. You might still
find it usable though. It gets better with SVN 1.7 where serf may even
become the default HTTP client.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2011-07-19 19:16:17 CEST

This is an archived mail posted to the Subversion Users mailing list.
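
The commit-side scan described in the quoted question, as an added example that is not part of the original mail or either poster's code: a pre-commit hook that extracts each added or modified file from the transaction with svnlook and scans it with clamscan, rejecting the commit when the scan cannot be completed. It assumes svnlook and clamscan are on the hook's PATH; the function name scan_txn is illustrative.

```sh
#!/bin/sh
# Added example: pre-commit hook body that scans a transaction with ClamAV.
# Subversion runs the hook as: pre-commit REPOS-PATH TXN-NAME

# Returns 0 if all changed files are clean, 1 if any is infected,
# 2 if the scan could not be completed (the commit is rejected either way).
scan_txn() {
    repos=$1; txn=$2; rc=0
    changed=$(svnlook changed -t "$txn" "$repos") || return 2
    tmp=$(mktemp) || return 2
    while IFS= read -r line; do
        status=${line%"${line#?}"}   # first column: A, U, D or _
        path=${line#????}            # path starts at column 5
        case $status in A|U) ;; *) continue ;; esac  # skip deletes and property-only changes
        case $path in */) continue ;; esac           # skip directories
        if ! svnlook cat -t "$txn" "$repos" "$path" >"$tmp" </dev/null; then
            echo "cannot read $path from transaction" >&2; rc=2; break
        fi
        s=0; clamscan --no-summary "$tmp" >/dev/null 2>&1 || s=$?
        case $s in
            0) ;;                                     # clean
            1) echo "infected: $path" >&2; rc=1 ;;    # keep scanning to list all hits
            *) echo "scanner error on $path" >&2; rc=2; break ;;
        esac
    done <<EOF
$changed
EOF
    rm -f "$tmp"
    return "$rc"
}

# Act as the hook only when Subversion supplies both arguments.
if [ "$#" -ge 2 ]; then
    scan_txn "$1" "$2"
    exit $?
fi
```

Any non-zero exit from a pre-commit hook aborts the commit, and whatever the hook wrote to stderr is returned to the client.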