[p4] Antivirus policy - Stephen Vance - com.perforce.perforce-user

2 messages in com.perforce.perforce-user[p4] Antivirus policy

From	Sent On	Attachments
Issam Alkawaf	02 Dec 2003 08:25
Stephen Vance	02 Dec 2003 17:14

Subject:	[p4] Antivirus policy
From:	Stephen Vance (ste...@vance.com)
Date:	12/02/2003 05:14:12 PM
List:	com.perforce.perforce-user

Issam --

This is a tough call. On the one hand, you don't want viruses lying around. On the other, they're part of your configuration management history.

Detection without automatic cleaning is probably the right thing. When you detect one, manually perform any cleaning steps. Fortunately, viruses are unlikely to be found in text files, only binaries. Binaries are stored as full revisions, although you'll need to make sure your virus scanner can scan the contents of gzipped files in order to catch viruses in compressed binaries, in which most virus-prone formats will be stored.

Once you detect a virus and decide to clean it, you will need to regenerate the perforce verify signatures for the files. (You are running 'p4 verify -qu' and 'p4 verify' to validate the integrity of your Perforce data before backup up, right?) You can force the signature to be recomputed with 'p4 verify -quv' for the specific file.

You will also need to decide what to do with viruses that can't be cleaned. If the revision is unimportant, you could obliterate the revision. If it's important, you have a big dilemma.

Steve

At 11:26 AM 12/2/2003, Issam Alkawaf wrote:

Hello, I am wondering what antivirus policy is used out there in conjunction with Perforce?

I have configured my antivirus software to simply detect viruses and not clean them because cleaning might corrupt the database. Is this the right thing to do?

Also I run my antivirus after having stopped the Perforce service. Again, is this the way to do it?

Thanks

Issam Alkawaf Software Configuration Supervisor Solvision Inc. www.solvision.net ialkawaf at solvision.net Tel: (450) 679-9542 ext.228 Fax: (450) 679-9477