"Hide Incoming Work Dir" Option Not Working

Julian Field mailscanner at ecs.soton.ac.uk
Thu Jul 25 09:17:43 IST 2002


Nathan,

You are absolutely right, I forgot to make the option affect the message to
the sender (it does also affect the report in VirusWarning.txt (sent to the
recipient) if your virus scanner puts the complete path to the infected
file in there.

Fortunately, the patch is very simple. I won't bother with another release
for this right now, unless a lot of people are using it...

Add a couple of lines to sendmail.pl:

*** 1300,1309 ****
--- 1300,1311 ----
       #$to   =~ s/^\s*\<(.+)\>\s*$/$1/;
       $parts = $Reports->{$id};
       $type1 = $InfectionTypes->{$id};
       $type  = join("", values %$type1);
       $report = join("Report: ", values %$parts);
+     # Hide working dir?
+     $report =~ s/\Q$Config::SrcDir\E\///gm if $Config::HideSrcDir;

       # Don't send a message to "" or "<>"
       next if $from eq "" || $from eq "<>";

       # Don't send a message to non-local addresses if we don't want to

Jules.

At 02:37 25/07/2002, you wrote:
>I just upgraded to Mailscanner v 3.22-7. This is the first time I've used
>the "Hide Incoming Work Dir" option.
>Unfortunately, it doesn't seem to work (unless I'm missing something).
>
>This option was enabled by default, but when I sent myself an eicar test
>message, the notices didn't appear any different. I decided to test it
>further. I disabled the option, sent a virus to myself. Restarted
>mailscanner, enabled the option again and sent the same virus. There are no
>differences in the notices either to the sender or the recipient of the
>virus. Is this option broken, or am I misunderstanding the functionality?
> From the looks of it, the path is still there whether I enable the option or
>not, and the message IDis the only thing that changes.
>
>See below.
>
>With Hide Incoming Work Dir =  yes
>==>
>
>Snippet from notice sent to "sender"
>====
>
>The virus detector said this about the message:
>Report: /var/spool/MailScanner/incoming/g6P1F1l05412/EICAR.COM  Infection:
>EICAR_Test_File
>=====
>
>Snippet from "VirusWarning.txt" sent to recipient:
>=====
>At Wed Jul 24 18:15:23 2002 the virus scanner said:
>g6P1F1l05412/EICAR.COM  Infection: EICAR_Test_File
>
>Note to Help Desk: Look on the MailScanner in
>/var/spool/MailScanner/quarantine (message g6P1F1l05412).
>=====
>
>With
>Hide Incoming Work Dir  = no
>
>Snippet from notice sent to "sender"
>====
>
>The virus detector said this about the message:
>Report: /var/spool/MailScanner/incoming/g6P1Ie405526/EICAR.COM  Infection:
>EICAR_Test_File
>=====
>
>Snippet from "VirusWarning.txt" sent to recipient:
>
>=====
>At Wed Jul 24 18:18:50 2002 the virus scanner said:
>g6P1Ie405526/EICAR.COM  Infection: EICAR_Test_File
>
>Note to Help Desk: Look on the MailScanner in
>/var/spool/MailScanner/quarantine (message g6P1Ie405526).
>=====
>
>Thanks,
>
>Nathan Johanson
>nathan at tcpnetworks.net

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ



More information about the MailScanner mailing list