On Sun, 2003-08-31 at 13:04, Robert Walsh wrote: > I've no idea what winmail.dat is, but signature.asc is there for your > protection - it's a pgp signature so you can tell whether the email was > modified in flight or sent by somebody other than the person who claimed > to send it. In my mailer (Evolution), it appears as an icon that > indicates whether the signature matches the email and sender. This is > an Internet standard as documented in rfc2015 (you can read it at this > URL: http://www.ietf.org/rfc/rfc2015.txt) It surprises me that Eudora > can't handle it, since the standard has been around since 1996 or so. > > Asking that no attachments be sent at all seems like an extreme answer > to the virus problem. Sort of an "OK - we give up" solution: nobody > wins. It certainly won't help solve all virus problems (many viruses > propagate by other means such as Windows/Linux/whatever vulnerabilities) > and definitely won't solve the problem of people getting viruses from > other mailing lists or personal emails. These sources can have just as > much an impact on a mailing list or personal email account as mail-based > viruses.
Winmail.dat files are TNEF, "Transport Neutral Exchange Format," with "exchange" being exchange between Microsoft programs. They can contain viruses, and they're proprietary to Microsoft. "Signature.asc" files are RFC 2015/3156 cryptographic signatures, and they cannot contain viruses because the MIME type and signature are not considered executable by any mail software out there. They should show up as plain attachments in mail software that doesn't understand RFC 2015 or 3156. If the main message body is showing up as an attachment as well, upgrade your mail software, because it is not MIME compliant; MIME requires that multipart/* parts with a subtype that is not understood be treated as multipart/mixed, which would mean honoring the "Content-Disposition: inline" header and NOT displaying the body as an attachment. Yes, they clutter up the mailing list archives on the ERPS server, but that's not a problem for users because it's just a bunch of extra files in the attachments directory. I could easily configure the archiving program to strip them, but I haven't gotten around to it and we have plenty of disk space. If you don't like having that extra link there (waah), use one of the other two archives, mail-archive.com or gmane.org. You know, it's really the user's responsibility to protect themselves from viruses. Don't expect the world to bend over just because you run an OS that virus writers seem to like.
signature.asc
Description: This is a digitally signed message part
