Nigel Horne wrote:
Michael Schaap wrote:
Hi,
I noticed that virus notifications sent by clamav-milter only contain
the recipient's username, and not the full email address.
This is rather unfortunate, since this makes it hard to figure out
which email address has been compromised, if you have multiple
aliases / virtusernames.
I had a look at the code, and noticed:
static sfsistat
clamfi_envrcpt(SMFICTX *ctx, char **argv)
{
(...)
to = smfi_getsymval(ctx, "{rcpt_addr}");
if(to == NULL)
to = argv[0];
(...)
}
While argv[0] is guaranteed to contain the full recipient email
address (e.g. "<[EMAIL PROTECTED]>"), it appears that the
{rcpt_addr} macro only contains the bare username (e.g.
"myusername"). (This is after applying the virtusertable, but before
applying aliases.)
My guess is that {rcpt_addr} is used instead of argv[0] because of
whitelist checking.
No, it was changed because users wanted it to be changed.
I'll have to take your word for it. (Can't find anything in the mail
archives, but I find those are a bit hard to navigate, so that's
probably just me.)
I do find it a bit unfortunate, though, that the default behaviour is
_not_ to use the actually used recipient for reporting purposes (which
can cause incorrect email addresses to be used in headers), and you have
to jump through hoops to get it to use the IMO ‘proper’ recipient
address. And none of this seems to be documented.
Oh well,
– Michael
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
