Question & Answer
Question
How can you clean a virus that was detected in IBM® Rational® ClearCase® (CC)?
Cause
An Anti-Virus (AV) scanner detected a virus signature in ClearCase data.
The data container was sent to the AV software provider to confirm that it's a real virus and now the data needs to be cleaned.
Answer
Before proceeding refer to Support Policy for Anti-Virus and ClearCase for details regarding the use of virus scanners with ClearCase.
- The first thing to keep in mind is that only VOB/view storage should be scanned for viruses.
The MVFS is really a version filter through which you see your real file elements; thus a virus, if found, is really in one of the containers in the view or VOB storage.
- Next, determine where in your storage the virus is located.
Is it located in the view storage or the VOB storage?
If it's in the VOB storage, is it in the
,
s\sdftc\cdft
, or
directory?
d\ddft
- In all cases, you may want to try cleaning the virus in the storage container first but remember that it is possible that you will lose data.
- If the corruption is in the view storage (the .s directory), then it is a view private file, a checkedout file or a derived object. If it is a checkedout file, you can do a
and risk losing the changes you have made to the checkout. If the corrupted file is a derived object, you may want to run the view_scrubber command to fully remove the DO.
'cleartool unco filename'
If it is a view private file, you may want to delete the file.
- If the virus is in the
c\cdft
ord\ddft
directory, you will most likely want to try to clean the virus first and if that doesn't work, then run the scrubber command to remove containers from the cleartext and DO pools.
- If the virus is in the
s\sdft
directory, you can try to clean it, but you will most likely have to restore the corrupted container from backup.
CAUTION: Do not allow the anti-virus product to remove the infected item.
The infected source item needs to be removed by hand to prevent VOB corruption.
In the VOB run: cleartool dump oid:oid number
.
Example:
1. Virus is found at:
d:\ClearCase_Storage\VOBs\VOB1.vbs\s\sdft\32\1f\[oid number]
2. Dump the
oid
to find the file name, location and version:
M:\view\VOB1>cleartool dump oid:[oid number]
oid:[oid number]
\VOB1\dir1\dir2\bill.txt@@\main\2 <--file name,location,version>
oid=[oid number] dbid=[ID number]
mtype=version
stored fstat:
ino: 0; type: 1; mode: 04
usid: NOBODY
gsid: NOBODY
nlink: 0; size: 19
atime: [date & timestamp]
mtime: [date & timestamp]
ctime: [date & timestamp]
returned fstat:
ino: 155; type: 1; mode: 0555
usid: [ID number]
gsid: [ID number]
nlink: 1; size: 19
atime: [date & timestamp]
mtime: [date & timestamp]
ctime: [date & timestamp]
master replica dbid=3
idstr="\main\2"
elem=155 branch=156 ver num=2
cont dbid=536871221 container="32\1f\[ID number]"
source cont="\\server\ccstg_c\VOBs\VOB1.vbs\s\sdft\32\1f\[ID number]"
clrtxt cont="\\server\ccstg_c\VOBs\VOB1.vbs\c\cdft\4\4\[ID number]"
labels: REL7
3. In the VOB, cd to the appropriate directory (through a view) and run cleartool rmver.
M:\view\VOB1\dir1\dir2\>cleartool rmver bill.txt@@\main\2
Refer to the IBM Knowledge Center rmver topic for more information.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21123029