On Jul 19, 2011, at 12:11, Toplak Daniel wrote: > My approach via the mod_clamav output filter blocks the content be delivered > to the client and breaks the checkout/update with a http status 500 and a > information in the http status line.
I'm still curious: does this really work? For an "svn update" for example Subversion only transfers the differences between what the user already has in their working copy and what's in the requested revision on the server, plus it's compressed. Will clamav detect malware that is compressed? Will clamav detect malware that is inserted into an existing file the user already had? More importantly, is this really a big problem for your setup -- malware getting into the repository? It seems like a rather uncommon situation to me. But if you think it is common for your situation, would it be sufficient to scan the HEAD of the repository for malware periodically -- daily or weekly, or whenever malware definitions are updated? Maybe that would be simpler to implement and perform better than scanning on every access.
