[Users] Custom browser and access protection on Windows

Iman imanggp at gmail.com
Mon Jun 1 22:33:17 CEST 2020 

> DM: There are likely multiple ways you can do this, and you might
> prefer one over another depending on your setup. You'll first want to
> find an encryption software that you want to use -- one option is
> Veracrypt. 

Veracrypt is great! I used it in portable mode along with symbolic hard
links in windows and it's now even more awesome! (of course you should
have administrator access for Veracrypt to work)

> DM: You can also use encryption software to encrypt just a part of a
> drive or partition. In Veracrypt, you can create what's called a 'file
> container' of your specified size. You can then mount this as a
> separate 'drive' or 'partition' by entering the password you created
> for it. When you have it open, you can then 'tell' CM that you want it
> to put your sensitive data (address book, emails, etc.) there. There
> are two main parts to this:

I also followed this approach with a 300 MB file to be mounted. I guess
I can reduce it, since I chose this size based on what I saw inside
claws-mail for an account which was 95 MB but the "%appdata%\claws-mail"
folder shows less than 10 MB.

> * 1a. You will probably need to install CM by compiling it rather than
>   by just running a setup file...

Well, I'm not very familiar with compiling it, and after finding the
hard linking solution less interested in this, but yet I keep it in my
mind.

> * 1b. [...]
> [...] (BTW, the thing I love about being able to specify alternative
> configuration directories is that you can have multiple instances of
> CM running at the same time, accessing a completely different set of
> settings and emails.)

I think this should be possible now with what I'm doing, but not tested.

Also I should thank you, Dustin, for other tips in the rest of your
message that turned on some new lights to work around this issue.

But let I describe what I've done till now:

1. I created a file container using Veracrypt to the desired folder let
call it "path_to_Veracrypt_file".
2. mounted the Veracrypt container file.
3. Closed the claws mail and moved its folder from appdata to mounted
drive. Claws mail config and email files both are inside folder 
"%appdata%\Claws-mail"
4. created a symbolic hard link pointing to the container file inside
%appdata% named "Claws-mail".

Thats the idea.

Now all seem to be fine. But I need to automate this process. Also I
found out that with symlink existed in %appdata%, and Veracrypt
unmounted, claws mail wouldn't run. If I want everything appear normal,
I need to remove that link after closing claws mail and restore
previous claws mail folder.

All of these lead me to 2 batch files, one to to start claws mail (and
its dependencies!) and another to close them.

in the following code, big "V" is the drive letter I chose to Veracrypt
mount into it.

===========
file "start.bat"
===========

cd VeraCrypt_folder
VeraCrypt.exe /v "path_to_Veracrypt_file" /l V /b /p "password" /q /s
/m rm ren %appdata%\Claws-mail Claws-mail-old
mklink /J %appdata%\Claws-mail V:\Claws-mail
start "" "D:\Program Files\ClawsMail\claws-mail.exe"

===========
file "end.bat"
===========

taskkill /f /im claws-mail.exe
cd VeraCrypt_folder
VeraCrypt.exe /dismount /q /s
rd %appdata%\Claws-mail
ren %appdata%\Claws-mail-old Claws-mail

and till now it seems to work without problem :D

More information about the Users mailing list