Michael Schaap wrote:
Hi,
I noticed that virus notifications sent by clamav-milter only contain
the recipient's username, and not the full email address.
This is rather unfortunate, since this makes it hard to figure out which
email address has been compromised, if you have multiple aliases /
virtusernames.
I had a look at the code, and noticed:
static sfsistat
clamfi_envrcpt(SMFICTX *ctx, char **argv)
{
(...)
to = smfi_getsymval(ctx, "{rcpt_addr}");
if(to == NULL)
to = argv[0];
(...)
}
While argv[0] is guaranteed to contain the full recipient email address
(e.g. "<[EMAIL PROTECTED]>"), it appears that the {rcpt_addr}
macro only contains the bare username (e.g. "myusername"). (This is
after applying the virtusertable, but before applying aliases.)
My guess is that {rcpt_addr} is used instead of argv[0] because of
whitelist checking.
No, it was changed because users wanted it to be changed.
– Michael
-Nigel
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
