IBM Support

How to clean a virus that was detected in ClearCase

Question & Answer


Question

How can you clean a virus that was detected in IBM® Rational® ClearCase® (CC)?

Cause

An Anti-Virus (AV) scanner detected a virus signature in ClearCase data.

The data container was sent to the AV software provider to confirm that it's a real virus and now the data needs to be cleaned.

Answer

Before proceeding, refer to the Support Policy for Anti-Virus and ClearCase for details regarding the use of virus scanners with ClearCase.

  1. The first thing to keep in mind is that only VOB/view storage should be scanned for viruses.
    The MVFS is really a version filter through which you see your real file elements; thus a virus, if found, is really in one of the containers in the view or VOB storage.

  2. Next, determine where in your storage the virus is located.
    Is it located in the view storage or the VOB storage?
    If it's in the VOB storage, is it in the s\sdft, c\cdft, or d\ddft directory?

  3. In all cases, you may want to try cleaning the virus in the storage container first, but remember that it is possible that you will lose data.
    • If the corruption is in the view storage (the .s directory), then it is a view-private file, a checked-out file or a derived object. If it is a checked-out file, you can do a 'cleartool unco filename' and risk losing the changes you have made to the checkout. If the corrupted file is a derived object, you may want to run the view_scrubber command to fully remove the DO. If it is a view-private file, you may want to delete the file.

    • If the virus is in the c\cdft or d\ddft directory, you will most likely want to try to clean the virus first and if that doesn't work, then run the scrubber command to remove containers from the cleartext and DO pools.

    • If the virus is in the s\sdft directory, you can try to clean it, but you will most likely have to restore the corrupted container from backup.
    • CAUTION: Do not allow the anti-virus product to remove the infected item.

      The infected source item needs to be removed by hand to prevent VOB corruption.
      In the VOB run: cleartool dump oid:oid number.

      Example:

        1. Virus is found at:

        d:\ClearCase_Storage\VOBs\VOB1.vbs\s\sdft\32\1f\[oid number]

        2. Dump the oid to find the file name, location and version:

          M:\view\VOB1>cleartool dump oid:[oid number]
          oid:[oid number]
          \VOB1\dir1\dir2\bill.txt@@\main\2 <--file name,location,version>
          oid=[oid number] dbid=[ID number]
          mtype=version
          stored fstat:
          ino: 0; type: 1; mode: 04
          usid: NOBODY
          gsid: NOBODY
          nlink: 0; size: 19
          atime: [date & timestamp]
          mtime: [date & timestamp]
          ctime: [date & timestamp]
          returned fstat:
          ino: 155; type: 1; mode: 0555
          usid: [ID number]
          gsid: [ID number]
          nlink: 1; size: 19
          atime: [date & timestamp]
          mtime: [date & timestamp]
          ctime: [date & timestamp]
          master replica dbid=3
          idstr="\main\2"
          elem=155 branch=156 ver num=2
          cont dbid=536871221 container="32\1f\[ID number]"
          source cont="\\server\ccstg_c\VOBs\VOB1.vbs\s\sdft\32\1f\[ID number]"
          clrtxt cont="\\server\ccstg_c\VOBs\VOB1.vbs\c\cdft\4\4\[ID number]"
          labels: REL7


        3. In the VOB, cd to the appropriate directory (through a view) and run cleartool rmver.


          M:\view\VOB1\dir1\dir2\>cleartool rmver bill.txt@@\main\2


          Refer to the IBM Knowledge Center rmver topic for more information.
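
A triage check for steps 2 and 3, as an added example (not IBM's code): it classifies the path the AV scanner flagged and, for a source container, confirms that the `cleartool dump` output names the same container before building the `rmver` command. The function names and the container name `EXAMPLE-CONTAINER` are constructed for illustration, and the dump text is trimmed to the fields the page's output shows.

```python
from pathlib import PureWindowsPath
# Pool directory pairs named on the page, and the storage each one holds.
POOLS = {("s", "sdft"): "source", ("c", "cdft"): "cleartext", ("d", "ddft"): "derived object"}

def classify(flagged):
    """Return (storage kind, container path below the pool) for a flagged path."""
    parts = [p.lower() for p in PureWindowsPath(flagged).parts]
    for i in range(len(parts) - 1):
        kind = POOLS.get((parts[i], parts[i + 1]))
        if kind:
            return kind, "\\".join(parts[i + 2:])
    if ".s" in parts:  # view storage keeps its data under the .s directory
        return "view", "\\".join(parts[parts.index(".s") + 1:])
    return "unknown", ""

def parse_dump(text):
    """Extract the fields the manual removal needs from 'cleartool dump' output."""
    info = {"version": None, "mtype": None, "source": "", "labels": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if "@@" in line and info["version"] is None:
            info["version"] = line  # version-extended pathname
        elif line.startswith("mtype="):
            info["mtype"] = line.split("=", 1)[1]
        elif line.startswith("source cont="):
            info["source"] = line.split("=", 1)[1].strip('"')
        elif line.startswith("labels:"):
            info["labels"] = line.split(":", 1)[1].split()
    return info

def removal_plan(flagged, dump_text):
    """Confirm the dump describes the flagged source container, then build step 3."""
    kind, container = classify(flagged)
    if kind != "source":
        return {"kind": kind, "command": None}  # other storage: see the step 3 bullets
    info = parse_dump(dump_text)
    # Local and UNC prefixes differ, so compare only the path below s\sdft.
    if info["mtype"] != "version" or classify(info["source"]) != (kind, container):
        raise ValueError("dump output does not match the flagged container")
    element, version = info["version"].split("@@", 1)
    directory, _, name = element.rpartition("\\")
    return {"kind": kind, "run_in": directory, "labels": info["labels"],
            "command": f"cleartool rmver {name}@@{version}"}

# Constructed sample: the page's paths with a made-up container name.
FLAGGED = r"d:\ClearCase_Storage\VOBs\VOB1.vbs\s\sdft\32\1f\EXAMPLE-CONTAINER"
DUMP = r'''\VOB1\dir1\dir2\bill.txt@@\main\2
mtype=version
source cont="\\server\ccstg_c\VOBs\VOB1.vbs\s\sdft\32\1f\EXAMPLE-CONTAINER"
labels: REL7'''
print(removal_plan(FLAGGED, DUMP))
```

The `labels` field is carried into the result so the operator can see what is attached to the version before removing it.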


Document Information

Modified date:
16 June 2018

UID

swg21123029