The 'Security Digest' Archives (TM)


ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #387 [Re: Yet more on the virus] (1 message, 1602 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/387.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: "Matt Crawford" <matt@oddjob.uchicago.edu>
To: phage
Date: Fri 02:59:00 04/11/1988 EST
Subject: Re: Yet more on the virus
References: [Thread Prev: 014] [Thread Next: 005] [Message Prev: 022] [Message Next: 386]

Here are the diffs to trap the virus entry, relative to sendmail 5.59
with debug already disabled.  After building this sendmail, add a
line to your sendmail.cf such as:

Mtrap, P=/ob/matt/trapmail, F=lsDFMe, S=10, R=20, A=trapmail $u

And create the command given in the P=... argument.  Mine is a simple
script:
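	#!/bin/sh
	# Trap mailer named by P= in the "trap" mailer line of sendmail.cf.
	# Appends the delivery arguments and the message body (read from stdin)
	# to a capture file.  Everything recorded here comes from the remote
	# sender, so treat the capture file as untrusted data when reading it.
	FILE=/ob/matt/TRAPMAILER

	# If this run creates the capture file, make it readable by its owner only.
	umask 077

	# printf is used instead of echo so that backslashes or leading dashes in
	# the sender-supplied arguments are recorded literally, not interpreted.
	{
		printf '\n'
		printf '=============\n'
		printf 'args:  %s\n' "$*"
		printf 'body:\n'
		/bin/cat
	} >> "$FILE"
	# Exit status is always 0, even if a write above failed.
	exit 0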

Diffs follow ...  (remember this was Hacked in Haste, ok?)

*** recipient.c~	Thu Nov  3 18:27:47 1988
--- recipient.c	Thu Nov  3 18:53:10 1988
***************
*** 200,208 ****
  	/* do sickly crude mapping for program mailing, etc. */
  	if (m == LocalMailer && buf[0] == '|')
  	{
  		a->q_mailer = m = ProgMailer;
  		a->q_user++;
! 		if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail)
  		{
  			a->q_flags |= QDONTSEND|QBADADDR;
  			usrerr("Cannot mail directly to programs");
--- 200,209 ----
  	/* do sickly crude mapping for program mailing, etc. */
  	if (m == LocalMailer && buf[0] == '|')
  	{
+ 		extern bool Trapping;
  		a->q_mailer = m = ProgMailer;
  		a->q_user++;
! 		if (a->q_alias == NULL && !tTd(0, 1) && !QueueRun && !ForceMail && !Trapping)
  		{
  			a->q_flags |= QDONTSEND|QBADADDR;
  			usrerr("Cannot mail directly to programs");
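Review bot: With `!Trapping` added to the changed `if`, the "Cannot mail directly to programs" refusal is switched off for the rest of the session, and that is only safe because the CMDDBGDEBUG handler in srvrsmtp.c repoints `ProgMailer` at the trap mailer before it sets `Trapping`. Nothing at this site states that dependency, so I would add a comment above the test such as `/* Trapping implies ProgMailer is the trap mailer; never set one without the other */`. The block-scope `extern bool Trapping;` here and again in the util.c hunk would be better as a single declaration in a shared header, so the type cannot drift between files. The enclosing function starts and ends outside the hunk.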
*** srvrsmtp.c~	Thu Nov  3 17:54:39 1988
--- srvrsmtp.c	Thu Nov  3 18:34:05 1988
***************
*** 83,92 ****
  	"onex",		CMDONEX,
  # ifdef DEBUG
  	"showq",	CMDDBGQSHOW,
- # endif DEBUG
- # ifdef notdef
  	"debug",	CMDDBGDEBUG,
! # endif notdef
  # ifdef WIZ
  	"kill",		CMDDBGKILL,
  # endif WIZ
--- 83,90 ----
  	"onex",		CMDONEX,
  # ifdef DEBUG
  	"showq",	CMDDBGQSHOW,
  	"debug",	CMDDBGDEBUG,
! # endif DEBUG
  # ifdef WIZ
  	"kill",		CMDDBGKILL,
  # endif WIZ
***************
*** 101,106 ****
--- 99,106 ----
  bool	InChild = FALSE;		/* true if running in a subprocess */
  bool	OneXact = FALSE;		/* one xaction only this run */
 
+ bool	Trapping = FALSE;	/* Search for virus */
+
  #define EX_QUIT		22		/* special code for QUIT command */
 
  smtp()
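Review bot: The comment on `Trapping` does not say what the flag changes; going by the other hunks it is set once a remote `debug` is accepted and from then on lets program addresses through in recipient.c and suppresses `unlink` in util.c. Something like `/* remote "debug" seen: route program mail to the trap mailer, keep files */` would tell the next reader why three files test it. The flag is never reset, which is presumably fine when each connection is served by its own child process, but should be confirmed for any mode where the SMTP loop runs in a long-lived process.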
***************
*** 450,459 ****
  			break;
 
  		  case CMDDBGDEBUG:	/* set debug mode */
  			tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
  			tTflag(p);
! 			message("200", "Debug set");
  			break;
  # endif DEBUG
 
  # ifdef WIZ
--- 450,476 ----
  			break;
 
  		  case CMDDBGDEBUG:	/* set debug mode */
+ # ifdef notdef
  			tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
  			tTflag(p);
! # else
! 			{
! 				STAB *st;
!
! 				syslog(LOG_SALERT, "debug set from %s", RealHostName);
! 				st = stab("trap", ST_MAILER, ST_FIND);
! 				if (st == NULL)
! 					message("500", "Denied");
! 				else {
! 					/* "I have you now" */
! 					ProgMailer = st->s_mailer;
! 					message("200", "Debug set");
! 					Trapping = TRUE;
! 					LogLevel = 99;
! 				}
! 			}
  			break;
+ # endif !notdef
  # endif DEBUG
 
  # ifdef WIZ
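Review bot: The `break;` now sits inside the `# else` arm, so if `notdef` is ever defined the `tTsetup`/`tTflag` arm sends no reply and has no `break`, and control falls into whatever case follows `# endif DEBUG`. Moving `break;` below `# endif !notdef` and keeping `message("200", "Debug set");` in the first arm restores the old shape. Separately, `LogLevel = 99` combined with the suppressed unlink in util.c means each trapped session leaves extra log volume and files behind, so disk use on the log and queue filesystems is worth watching while this build is deployed. The enclosing switch starts and ends outside the hunk.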
*** util.c~	Thu Nov  3 18:08:20 1988
--- util.c	Thu Nov  3 18:11:39 1988
***************
*** 570,580 ****
--- 570,583 ----
  	char *f;
  {
  	register int i;
+ 	extern bool Trapping;
 
  # ifdef LOG
  	if (LogLevel > 20)
  		syslog(LOG_DEBUG, "%s: unlink %s\n", CurEnv->e_id, f);
  # endif LOG
+ 	if (Trapping)
+ 		return;
 
  	i = unlink(f);
  # ifdef LOG
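Review bot: The added `if (Trapping) return;` comes after the `LogLevel > 20` syslog call, and the trap handler sets `LogLevel = 99`, so every trapped session logs `unlink <file>` for files that are in fact kept. For anyone reconstructing the session from syslog that is misleading; I would test `Trapping` before the `# ifdef LOG` block, or log a distinct line such as `syslog(LOG_DEBUG, "%s: unlink %s suppressed (trap)\n", CurEnv->e_id, f);`. The retained files also need manual cleanup once they have been examined. The function's signature and its tail are outside the hunk.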

END OF DOCUMENT