tags:

views:

236

answers:

3
+11  Q: 

Virus in Subversion repository, what to do?

Imagine the following situation:

  1. A virus infected file was commited into a Subversion repository.
  2. A Anti Virus scanner runs on the server and also scans the Subversion repository.

The Anti Virus scanner will delete the affected revision or move it to quarantine. The consequence is a broken repository.

If the revision file is recoverable (from quarantine), how to solve this problem?
I have some goals to achieve:

  1. The AV is not allowed to be disabled or excluded from the directories.
  2. The virus infected file must not be stored in the repository
  3. The repository must be consistens and usable.

What is the nicest solution for this little problem?

+2  A: 

The easiest? Restore from a backup from before the commit with the virus...

ircmaxell  2010-05-27 14:37:00
The revision is older than one year. Or better said: > 6000 revisions old. Backup won't do it.
furtelwart  2010-05-27 19:13:21
Well, I guess you learned a lesson. Backup early and often...
ircmaxell  2010-05-27 20:31:02
I have backups, lots and lots. If I restore a backup before the commit, I lose > 6000 revisions. that's not feasible.
furtelwart  2010-05-28 05:16:57
+10  A: 

From the FAQ:

There are special cases where you might want to destroy all evidence of a file or commit. (Perhaps somebody accidentally committed a confidential document.) This isn't so easy, because Subversion is deliberately designed to never lose information. Revisions are immutable trees which build upon one another. Removing a revision from history would cause a domino effect, creating chaos in all subsequent revisions and possibly invalidating all working copies.

The project has plans, however, to someday implement an svnadmin obliterate command which would accomplish the task of permanently deleting information. (See issue 516.)

In the meantime, your only recourse is to svnadmin dump your repository, then pipe the dumpfile through svndumpfilter (excluding the bad path) into an svnadmin load command. See chapter 5 of the Subversion book for details about this.

RedFilter  2010-05-27 14:37:17
svndumpfilter is the only answer short of restoring from backup. +1
rmeador  2010-05-27 14:57:02
A: 

If you created the repository in file mode (single repo file per source file) then you can probably fix/edit/replace the infected file.
If you created it in DB mode then it's harder - you can svndump then svncreate a new repo, but it's probably easier to exclude the SVN repository from the virus scan

Martin Beckett  2010-05-27 14:40:12
The revision file is infected, so no replace/edit whatever is possible.
furtelwart  2010-05-27 19:14:18

related questions

Best strategy to write hooks for subversion in Windows
Database Version Control
Version control PHP Web Project
Experience with SVN vs. Team Foundation Server?
Best SVN Client Ignore Pattern for VB.NET Solutions?
SVN merge merged extra stuff
What is your favorite web app deployment workflow with SVN?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Version Control. Getting started...
ASP.NET Display SVN Revision Number
How do I create a branch in SVN?
What do the result codes in svn mean?
Could you recommend a good free project hosting website?
Federated (Synced) Subversion servers?
Mechanisms for tracking DB schema changes
What are the advantages of using SVN over CVS?
Use SVN Revision to label build in CCNET
Best subversion client for Mac OS
Why is Git better than Subversion?
ASP.NET, Visual Studio and Subversion - how to integrate?
Best Practice: Collaborative Environment, Bin Directory, SVN
How do I sync the SVN revision number with my ASP.NET web site?
Best Subversion clients for Windows Vista (64bit)
Good branch/merge tutorials for Tortoise SVN?
How can you get Subclipse in Aptana to work with the newest release of Subversion?