Virus in Subversion repository, what to do?

Question

Imagine the following situation:

1. A virus infected file was commited into a Subversion repository.
2. A Anti Virus scanner runs on the server and also scans the Subversion repository.

The Anti Virus scanner will delete the affected revision or move it to quarantine. The consequence is a broken repository.

If the revision file is recoverable (from quarantine), how to solve this problem?
I have some goals to achieve:

1. The AV is not allowed to be disabled or excluded from the directories.
2. The virus infected file must not be stored in the repository
3. The repository must be consistens and usable.

What is the nicest solution for this little problem?

Answer 1

From the FAQ:

There are special cases where you might want to destroy all evidence of a file or commit. (Perhaps somebody accidentally committed a confidential document.) This isn't so easy, because Subversion is deliberately designed to never lose information. Revisions are immutable trees which build upon one another. Removing a revision from history would cause a domino effect, creating chaos in all subsequent revisions and possibly invalidating all working copies.

The project has plans, however, to someday implement an svnadmin obliterate command which would accomplish the task of permanently deleting information. (See issue 516.)

In the meantime, your only recourse is to svnadmin dump your repository, then pipe the dumpfile through svndumpfilter (excluding the bad path) into an svnadmin load command. See chapter 5 of the Subversion book for details about this.

Answer 2

The easiest? Restore from a backup from before the commit with the virus...