ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #387 [Re: Yet more on the virus] (1 message, 1602 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/387.txt&t=text/plain
From: "Matt Crawford" <matt@oddjob.uchicago.edu>
To: phage
Date: Fri 02:59:00 04/11/1988 EST
Subject: Re: Yet more on the virus
References:
Here are the diffs to trap the virus entry, relative to sendmail 5.59
with debug already disabled. After building this sendmail, add a
line to your sendmail.cf such as:
Mtrap, P=/ob/matt/trapmail, F=lsDFMe, S=10, R=20, A=trapmail $u
And create the command given in the P=... argument. Mine is a simple
script:
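#!/bin/sh
# Trap mailer: the command named by P= in the "trap" mailer definition.
# It appends its arguments and the message body from stdin to a capture
# file and always reports success to sendmail.
# Both the arguments and the body come from the remote sender, so they are
# only written out, never evaluated.
FILE=/ob/matt/TRAPMAILER
# The capture may hold hostile commands; keep a newly created file private.
umask 077
{
	# printf with a fixed format: some echo implementations interpret
	# backslash escapes in their arguments, which would alter the record.
	printf '\n=============\n'
	printf 'args: %s\n' "$*"
	printf 'body:\n'
	/bin/cat
} >> "$FILE"
exit 0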
Diffs follow ... (remember this was Hacked in Haste, ok?)
*** recipient.c~ Thu Nov 3 18:27:47 1988
--- recipient.c Thu Nov 3 18:53:10 1988
***************
*** 200,208 ****
/* do sickly crude mapping for program mailing, etc. */
if (m == LocalMailer && buf[0] == '|')
{
a->q_mailer = m = ProgMailer;
a->q_user++;
! if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail)
{
a->q_flags |= QDONTSEND|QBADADDR;
usrerr("Cannot mail directly to programs");
--- 200,209 ----
/* do sickly crude mapping for program mailing, etc. */
if (m == LocalMailer && buf[0] == '|')
{
+ extern bool Trapping;
a->q_mailer = m = ProgMailer;
a->q_user++;
! if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail && !Trapping)
{
a->q_flags |= QDONTSEND|QBADADDR;
usrerr("Cannot mail directly to programs");
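Review bot: The new `!Trapping` term in the `if` lifts the "Cannot mail directly to programs" refusal for the rest of the process, and that is only safe because the srvrsmtp.c hunk points ProgMailer at the "trap" mailer before it sets Trapping. Nothing at this site states that dependency, so I would add a comment above the test such as `/* Trapping: ProgMailer is the "trap" mailer, so piped addresses are captured, not run */`. The block-scope `extern bool Trapping;` is repeated in util.c; one declaration in a shared header would keep the two in step, though no header is visible in this patch. The body of the `if` continues past the end of the hunk.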
*** srvrsmtp.c~ Thu Nov 3 17:54:39 1988
--- srvrsmtp.c Thu Nov 3 18:34:05 1988
***************
*** 83,92 ****
"onex", CMDONEX,
# ifdef DEBUG
"showq", CMDDBGQSHOW,
- # endif DEBUG
- # ifdef notdef
"debug", CMDDBGDEBUG,
! # endif notdef
# ifdef WIZ
"kill", CMDDBGKILL,
# endif WIZ
--- 83,90 ----
"onex", CMDONEX,
# ifdef DEBUG
"showq", CMDDBGQSHOW,
"debug", CMDDBGDEBUG,
! # endif DEBUG
# ifdef WIZ
"kill", CMDDBGKILL,
# endif WIZ
***************
*** 101,106 ****
--- 99,106 ----
bool InChild = FALSE; /* true if running in a subprocess */
bool OneXact = FALSE; /* one xaction only this run */
+ bool Trapping = FALSE; /* Search for virus */
+
#define EX_QUIT 22 /* special code for QUIT command */
smtp()
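Review bot: The comment on `Trapping` (`/* Search for virus */`) does not say what the flag changes, and it changes two security-relevant things elsewhere in this patch: recipient.c stops refusing piped addresses and util.c stops unlinking files. I would write it as `bool Trapping = FALSE; /* debug trap armed: program mail goes to the "trap" mailer, files are kept */`.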
***************
*** 450,459 ****
break;
case CMDDBGDEBUG: /* set debug mode */
tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
tTflag(p);
! message("200", "Debug set");
break;
# endif DEBUG
# ifdef WIZ
--- 450,476 ----
break;
case CMDDBGDEBUG: /* set debug mode */
+ # ifdef notdef
tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
tTflag(p);
! # else
! {
! STAB *st;
!
! syslog(LOG_SALERT, "debug set from %s", RealHostName);
! st = stab("trap", ST_MAILER, ST_FIND);
! if (st == NULL)
! message("500", "Denied");
! else {
! /* "I have you now" */
! ProgMailer = st->s_mailer;
! message("200", "Debug set");
! Trapping = TRUE;
! LogLevel = 99;
! }
! }
break;
+ # endif !notdef
# endif DEBUG
# ifdef WIZ
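Review bot: In the CMDDBGDEBUG case the `break;` now sits inside the `# else` arm, so a build that defines `notdef` runs `tTsetup`/`tTflag(p)`, sends no reply, and falls through into whatever case follows; moving `# endif !notdef` above `break;` fixes that. The `syslog(LOG_SALERT, ...)` call is also unguarded, whereas the syslog call in the util.c hunk is wrapped in `# ifdef LOG`, so this arm presumably fails to build without LOG. The alert records only RealHostName; the argument `p` that the client sent with the command is dropped, and it is worth recording as an extra `%s` argument, as in `syslog(LOG_SALERT, "debug set from %s: %s", RealHostName, p);`. The surrounding switch in smtp() starts and ends outside the hunk.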
*** util.c~ Thu Nov 3 18:08:20 1988
--- util.c Thu Nov 3 18:11:39 1988
***************
*** 570,580 ****
--- 570,583 ----
char *f;
{
register int i;
+ extern bool Trapping;
# ifdef LOG
if (LogLevel > 20)
syslog(LOG_DEBUG, "%s: unlink %s\n", CurEnv->e_id, f);
# endif LOG
+ if (Trapping)
+ return;
i = unlink(f);
# ifdef LOG
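Review bot: The `if (Trapping) return;` guard is placed after the LOG block, so with LogLevel raised to 99 by the srvrsmtp.c hunk every retained file still produces an "unlink" log line although nothing was removed. That makes the log contradict the evidence on disk; I would move the guard above the `# ifdef LOG` block or log a distinct message there, such as `syslog(LOG_DEBUG, "%s: trap, keeping %s", CurEnv->e_id, f);`. Once the trap is armed this function removes nothing for the rest of the process, so the files it would have deleted and the capture file should be watched for growth. The function's header and the rest of its body lie outside the hunk.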