Fajar A. Nugraha wrote:
Dennis Peterson wrote:
Fajar A. Nugraha wrote:
Database objects can include blobs (binary large objects). These can
be files including executables, documents, other databases. They can
have viruses. In some instances the blob in an internal representation
and can be difficult to get to without sql. In other cases blobs can
be external storage objects (file system files) and easy to get at.
Regardless, there are many reasons one would wish to scan them for
viruses.
Yes, but (suppose) clamscan finds a virus on file oradata01.dbf. Would
you REALLY spend your time examining which record on what table has the
BLOB?
Seems like that would be a bad method for scanning a database for
infected BLOBs.
A better mechanism might be to write a process which looks through the
database (via the database's normal access mechanisms, and doing queries
on the tables which contain blobs), and then submitting the individual
blobs to a virus scanner (any virus scanner) for individual checking.
What you do from there depends on individual goals, but the choices
might include:
a) sending a report to relevant parties about which records (by record
ID, or whatever) contain infected blobs
b) deleting the records which contain infected blobs
c) replacing the infected blob with a disinfected version of said blob
d) replacing the blob with a notice indicating that the the blob had
been infected and removed, possibly placing the blob into a quarantine
area (or deleting the blob).
e) combine approaches: send a report that says which records were
infected, place the original blob in a quarantine and replace it with
either a notice or a disinfected blob (depending on whether or not the
disinfection was possible/successful).
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
