[Users] Custom browser and access protection on Windows

Tue Jun 2 06:48:14 CEST 2020

On Tue, 2 Jun 2020 01:03:17 +0430
Iman <imanggp at gmail.com> wrote:

> > DM: There are likely multiple ways you can do this, and you might
> > prefer one over another depending on your setup. You'll first want
> > to find an encryption software that you want to use -- one option is
> > Veracrypt.   
> 
> Veracrypt is great! I used it in portable mode along with symbolic
> hard links in windows and it's now even more awesome! (of course you
> should have administrator access for Veracrypt to work)
> 
DM: Glad to hear it's working for what you need.
> 
> > DM: You can also use encryption software to encrypt just a part of a
> > drive or partition. In Veracrypt, you can create what's called a
> > 'file container' of your specified size. You can then mount this as
> > a separate 'drive' or 'partition' by entering the password you
> > created for it. When you have it open, you can then 'tell' CM that
> > you want it to put your sensitive data (address book, emails, etc.)
> > there. There are two main parts to this:  
> 
> I also followed this approach with a 300 MB file to be mounted. I
> guess I can reduce it, since I chose this size based on what I saw
> inside claws-mail for an account which was 95 MB but the
> "%appdata%\claws-mail" folder shows less than 10 MB.
> 
DM: It sounds like you also are storing your emails here, so this will
depend on how much space you need related to potentially growing numbers
of emails.
> 
> > * 1a. You will probably need to install CM by compiling it rather
> > than by just running a setup file...  
> 
> Well, I'm not very familiar with compiling it, and after finding the
> hard linking solution less interested in this, but yet I keep it in my
> mind.
> 
DM: I haven't done much with links, but it sounds like a reasonable
alternative if it's working for you.
> 
> > * 1b. [...]
> > [...] (BTW, the thing I love about being able to specify alternative
> > configuration directories is that you can have multiple instances of
> > CM running at the same time, accessing a completely different set of
> > settings and emails.)  
> 
> I think this should be possible now with what I'm doing, but not
> tested.
> 
> Also I should thank you, Dustin, for other tips in the rest of your
> message that turned on some new lights to work around this issue.
> 
DM: No problem; glad to share the little bit that I've learned as I've
used the program.
> 
> But let I describe what I've done till now:
> 
> 1. I created a file container using Veracrypt to the desired folder
> let call it "path_to_Veracrypt_file".
> 2. mounted the Veracrypt container file.
> 3. Closed the claws mail and moved its folder from appdata to mounted
> drive. Claws mail config and email files both are inside folder 
> "%appdata%\Claws-mail"
> 4. created a symbolic hard link pointing to the container file inside
> %appdata% named "Claws-mail".
> 
> Thats the idea.
> 
> Now all seem to be fine. But I need to automate this process. Also I
> found out that with symlink existed in %appdata%, and Veracrypt
> unmounted, claws mail wouldn't run.
> 
DM: That is what I would expect, since it's likely the system wouldn't
be able to find whatever the link is pointing to. If you ever want to
find out more specifics on this, it's likely that running CM from the
command-line with the '--debug' option would give you some output even
if CM doesn't start. This was helpful for me once in figuring out that
CM wouldn't start because it was trying to access an old defunct path
for a configuration directory I had used previously.
> 
> If I want everything appear normal, I need to remove that link after
> closing claws mail and restore previous claws mail folder.
> 
> All of these lead me to 2 batch files, one to to start claws mail (and
> its dependencies!) and another to close them.
> 
> in the following code, big "V" is the drive letter I chose to
> Veracrypt mount into it.
> 
> ===========
> file "start.bat"
> ===========
> 
> cd VeraCrypt_folder
> VeraCrypt.exe /v "path_to_Veracrypt_file" /l V /b /p "password" /q /s
> /m rm ren %appdata%\Claws-mail Claws-mail-old
> mklink /J %appdata%\Claws-mail V:\Claws-mail
> start "" "D:\Program Files\ClawsMail\claws-mail.exe"
> 
> ===========
> file "end.bat"
> ===========
> 
> taskkill /f /im claws-mail.exe
> cd VeraCrypt_folder
> VeraCrypt.exe /dismount /q /s
> rd %appdata%\Claws-mail
> ren %appdata%\Claws-mail-old Claws-mail
> 
> and till now it seems to work without problem :D
> 
DM: Sounds good. I don't know a lot about batch files, but if I'm
understanding your process right, it looks like your first batch file
allows you to access an encrypted version of CM, but then your second
batch file will only give you access to an unencrypted version of CM,
presumably at the default locations. (BTW, nothing inside a Veracrypt
file container can be accessed unless it's mounted, and when it is
mounted, all the data inside of it is still encrypted.)

DM: So does that mean that you sometimes want to use an encrypted
version and sometimes an unencrypted one, but of the same set of emails
and settings? If so, then it seems like you still need to find a way to
automate the copying of data back and forth so that any changes you
make (new messages; deleted messages, changed settings, etc.) will be
synced. But perhaps I'm misunderstanding your goals and your solution.
Anyway, if you're able to get it to do what you need it to do, that's
the main thing. :) ---Dustin