Bug#818897: Exim4 change CWD string to /
Roman Bulakh
bulah.roman at gmail.com
Mon Mar 21 14:12:14 UTC 2016
Package: exim4
Version: 4.80-7+deb7u2
After updating exim to version 4.80-7+deb7u2, exim.c changes the CWD dir to /
on startup.
Checking cwd=/some/way was a popular heuristic for
identifying the source of malware sending email.
The output would look something like this:
2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
Now it looks like this:
2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
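The cwd= heuristic the report refers to, as an added example that is not part of the original message or of Exim's code: it groups the cwd= log lines by directory, flags directories outside an allowlist, and counts cwd=/ entries separately because they no longer identify the caller. The allowlist `EXPECTED_CWDS`, the function names and all sample lines other than the two quoted in the report are assumptions made for illustration.

```python
import re
from collections import Counter

# Layout of the lines quoted in the report: "<date> <time> cwd=<dir> <argc> args: <argv>"
CWD_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"cwd=(?P<cwd>.+?) (?P<argc>\d+) args: (?P<args>.*)$"
)
# Assumption: directories this host legitimately submits mail from.
EXPECTED_CWDS = ("/root", "/var/spool/exim4")

# Constructed sample log; the first and last entries are the two lines from the report.
SAMPLE_LOG = """\
2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
2016-03-04 11:47:01 cwd=/var/www/example/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-04 11:47:02 cwd=/var/www/example/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-04 11:47:30 1abcDE-000123-4F <= root@example.org U=root P=local S=512
2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
"""


def parse_cwd_lines(lines):
    """Yield (timestamp, cwd, argv) for every cwd= line; skip other log entries."""
    for line in lines:
        m = CWD_LINE.match(line.rstrip("\n"))
        if m:
            yield m["ts"], m["cwd"], m["args"].split()


def triage(lines, expected=EXPECTED_CWDS):
    """Count submissions per unexpected cwd; count cwd=/ entries separately.
    With the behaviour described in the report every invocation logs cwd=/,
    so those entries say nothing about where the caller ran."""
    suspicious, uninformative = Counter(), 0
    for _ts, cwd, _argv in parse_cwd_lines(lines):
        if cwd == "/":
            uninformative += 1
        elif not any(cwd == e or cwd.startswith(e + "/") for e in expected):
            suspicious[cwd] += 1
    return suspicious, uninformative


if __name__ == "__main__":
    suspicious, uninformative = triage(SAMPLE_LOG.splitlines())
    for cwd, n in suspicious.most_common():
        print(f"{n:5d}  {cwd}")
    print(f"{uninformative} entries logged cwd=/ and carry no location")
```

If the uninformative count equals the total number of cwd= entries, the heuristic has stopped working on that host and the sending script has to be located by other means.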