Michael Collette wrote:
>The main counterpoint to this is that it is important to maintain the
>integrity of the mbox format for backups and portability. By changing to a
>different way of handling things would overly complicate portability
>between OS's and mail clients. Dataloss involving AV apps should be should
>be considered the responsiblity of the AV vendors. Attachments are part of
>the E-Mail message, and should remain as such unless the entire message is
>deleted.
>(note: I hope I'm fairly representing this)
>
Yes, with 2 exceptions:
* I don't mind deleting the attachment, if (and only if) the user
explicitly requested it.
That would be bug 2920 and different from what you suggest (never
store attachments together with the rest of the mail).
* Separating attachments from the rest of the mails doesn't
necessarilyl solve the AV problem.
As stated on the bug, many AV software packages just scan for
significant bytes, and these might already be the subject or body
or other structure (e.g. attachment filename) of the email (e.g.
"Want to see pictures of ...?", "filename=foobar.wav.exe"). In
other words, you might still end up with all your mails deleted
and only the attachments (maybe even incl. the virus) surviving.
IMO, if the AV software brutally deletes all mails, that's their
unexcusable fault and we can't do much about it, esp. if it means such
drastic changes.
I am much more worried about bug 109249.
