Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X
Hi All,
If one of your member (File is an .exe) got infected with virus and we working with heterogeneous environment like Linux & windows FSA servers. Will there be any issues when if anybody opens this file to use or will there be any issues when passing through any of our windows servers. The name of the Trojan is Trojan.Gen.SMH and I am trying to find more about the Trojan from our security team, mean while I want to ask this question in Idea forum if anyone has come across any of this situations and how did you handle them.
Regards
Sreedhar
Hello Sreedhar,
Member revisions in the SQL database are "inert", so they can't actively propagate or negatively impact the database (other than taking up space).
The danger here is when those members are checked out by those who are unaware of the virus. This is one of the few times we would recommend the use of the si deleterevisionhttp://support.ptc.com/cs/help/integrity_hc/integrity109_hc/index.jspx?id=si_deleterevision&action=show command. By deleting the infected revision, you prevent someone from accidentally causing an outbreak of the virus contained in the revision.
Hopefully you can get an uninfected copy of the executable in question.
Regards,
Kael
Hello Kael,
one additional question:
If an Integrity User find out that ONE member revision contains a virus, how to check whether others might also be infected without first synchronizing them?
Is there any way proposed by PTC how to handle such a problem?
Greetings,
Klaus
Hi Klaus,
You can't check a revision without resynchronizing it. If you suspect you might have infected revisions, I would expect that all the revisions would be checked by either the Integrity Administrator, the Security team, or someone on the Development team by resynchronizing all the versions. Source Integrity is there to manage the versioning, regardless of what's in there. The need to make sure that what's in there is the right thing is outside of Integrity's scope.
To be properly security conscious, it would probably be best to sandbox and script the scanning of suspected revisions by:
If you wanted to be as defensive as possible, you could do a post-checkout scan. This isn't recommended because:
You might be tempted to simply scan every member as it's being checked in (or even just members with certain extensions). This slows down check-in for all the affected members (assuming you restrict it to members known to carry virus payloads, this could still be substantial). If you filter by extension, "clever" users will add .txt or .jpg to some member names before checking them in to speed up the check-in process, defeating the automatic scan.
The real solution is to minimize the possibility of getting an infected member in the first place, which can be difficult. A worst case example would be something along the lines of a requirement for a particular open source executable for a given project, but the official site of that software package is compromised, you'll have to build from source to get a clean version, and you'll have to review the source first.
Regards,
Kael
Hi Sreedhar,
Did you have any follow-up questions, or did one of my answers address what you were looking for? If one of these posts did answer your question, could you please acknowledge it by clicking on the Correct Answer button at the bottom of the relevant post?
Thanks,
Kael