[ZODB-Dev] Re: Data.fs Scanning for Virus

Casey Duncan casey at zope.com
Thu May 6 14:51:47 EDT 2004 

On Thu, 6 May 2004 14:31:04 -0400
"Tim Peters" <tim at zope.com> wrote:

> [Sajan Varghese]
> >    I have a setup in Windows 2000 with Zope 2.7 and Plone 1.0,5  ,
> > How do I scan the ZODB that is Data.fs for particular Virus Infected
> > File Uploaded ..
> >
> >   Is there any ZODB based Antivrus available , Which Deletes only
> >   the
> > Virus Infected File from ZODB Data.fs File
> 
> I don't mean to be flippant, but how do you scan other things on your
> Win2000 box for viruses?  It's much better to avoid putting an
> infected file into ZODB to begin with -- just like it's much better to
> avoid putting an infected file into Oracle to begin with, or into any
> other database system.
> 
> Once it's in ZODB, your job is bound to be much harder.  I haven't
> heard of anything that scans FileStorage-format files for viruses. 
> "Removing a file" from ZODB isn't easy even if you can recognize that
> it's infected, because you also need to remove all references *to* the
> file object elsewhere in the database (and there must be at least one:
>  every object in ZODB is reachable
> from "the root" object -- ZODB isn't like a tarball, the contents of a
> ZODB database are interrelated).
> 
> In short, don't think of this as a ZODB question and I expect you'll
> make better progress.  You should try to catch infected files the
> instant they appear on your machine.  They don't show up in ZODB
> unless you commit a transaction that adds them to ZODB.

I doubly agree, you should perform the scan at the time the file is
added, before it is stored. The downside to that of course is that it
cannot detect extremely recent viruses which sneak in before the
scanners signatures are updated.

Given the ability to scan incoming files within your application,
however (A feature that you will need to develop), It should be
reasonable to scan existing file object again from within the
application. Perhaps a script executed nightly would iterate all of the
"file" objects in you ZODB looking for viruses. If it found any it could
perform some appropriate action.

-Casey

More information about the ZODB-Dev mailing list