Hi,
I noticed that virus notifications sent by clamav-milter only contain
the recipient's username, and not the full email address.
This is rather unfortunate, since this makes it hard to figure out which
email address has been compromised, if you have multiple aliases /
virtusernames.
I had a look at the code, and noticed:
static sfsistat
clamfi_envrcpt(SMFICTX *ctx, char **argv)
{
    (...)
    to = smfi_getsymval(ctx, "{rcpt_addr}");
    if(to == NULL)
        to = argv[0];
    (...)
}
While argv[0] is guaranteed to contain the full recipient email address
(e.g. "<[EMAIL PROTECTED]>"), it appears that the {rcpt_addr}
macro only contains the bare username (e.g. "myusername"). (This is
after applying the virtusertable, but before applying aliases.)
My guess is that {rcpt_addr} is used instead of argv[0] because of
whitelist checking. But privdata->to is used in various other places,
such as generating the virus notification, the Cc: header of the virus
notification, and the X-Original-To: header of a phishing report or
quarantine, among others. And this results in headers with incorrect
email addresses, so this is arguably a bug.
Wouldn't it be better to always store the full email address (argv[0])
in privdata->to, and store the username, if it is needed, in a separate
field, such as privdata->user? That way, only those places (whitelist?)
that need the bare username can be changed to use it, and other places
will use the correct recipient email address.
Best regards,
– Michael
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
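As an added example (not code from clamav-milter or from Michael's mail), this is what the proposed split between a full-address field and a bare-username field could look like: struct rcpt_priv and rcpt_split are hypothetical names standing in for privdata->to and privdata->user, and the sample inputs in the comments are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Added example, not clamav-milter's own code: the split the mail proposes,
 * with the full address and the bare local part in separate fields. */
struct rcpt_priv {
    char to[256];   /* full recipient address, from envrcpt argv[0] */
    char user[256]; /* bare local part, for places such as the whitelist */
};

/* Fill p from the RCPT TO argument (e.g. "<user@example.com>") and the
 * optional {rcpt_addr} macro value (NULL when the MTA did not set it).
 * Returns 0 on success, -1 if argv0 is missing, empty or too long. */
int rcpt_split(struct rcpt_priv *p, const char *argv0, const char *rcpt_addr)
{
    const char *start, *end, *at;
    size_t len;
    if (p == NULL || argv0 == NULL)
        return -1;
    /* trim whitespace, then drop the angle brackets around the path */
    start = argv0;
    while (isspace((unsigned char)*start))
        start++;
    end = start + strlen(start);
    while (end > start && isspace((unsigned char)end[-1]))
        end--;
    if (end - start >= 2 && *start == '<' && end[-1] == '>') {
        start++;
        end--;
    }
    len = (size_t)(end - start);
    if (len == 0 || len >= sizeof(p->to))
        return -1;
    memcpy(p->to, start, len);
    p->to[len] = '\0';
    /* {rcpt_addr} already is the bare username when the MTA provides it */
    if (rcpt_addr != NULL && *rcpt_addr != '\0') {
        snprintf(p->user, sizeof(p->user), "%s", rcpt_addr);
        return 0;
    }
    /* otherwise take the local part; the last '@' avoids splitting a
     * quoted local part, and a bare name without '@' is kept whole */
    at = strrchr(p->to, '@');
    len = at ? (size_t)(at - p->to) : strlen(p->to);
    memcpy(p->user, p->to, len);
    p->user[len] = '\0';
    return 0;
}
```

Notification and Cc:/X-Original-To: code would then read p->to, while only the whitelist lookup reads p->user.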