Actually, one could argue that saving attachments in the mbox file is safer from a security standpoint, since the virus is never decoded into a machine-readable form. Consider the scenario of someone who gets a virus in their e-mail, but just ignores it instead of reading it, since to them it is an obvious virus. Six months later, they go through their attachment folder to get rid of excess files. In order to determine if a file is useful, they click on it, since they no longer have the context of the e-mail to tell them that it is a virus. They now get infected...
Also, for me I generally dislike attachments and never send them and prefer that no one sends them to me. If I want someone to see something, I post it to my personal web space and send them a link. And since I download my mail manually, attachments for me are always going to be stored in the mbox file and Mozilla will always support reading the format, so poot, I will stop posting on this now...

Jorey Bump wrote:
> jesus X wrote:
>
>> Attachments being stored in a separate file is a good idea. But we
>> must maintain the message portion in a standard mbox for maximum
>> compatibility. I would be more than happy to give up importing
>> attachments for this extra layer of security, so long as I can still
>> import mail to other apps. Plus, sometimes you just need to open the
>> mail file and edit it manually, for various reasons...
>
> I don't understand the "extra layer of security" part that would be
> magically imparted by saving the attachments in a separate location.
> They are still as deadly as they were when they were part of the
> message/mbox.
>
> I realize we're discussing the security of the mbox as a whole,
> protecting it from the AV program, but in this case it is the AV program
> that is behaving like a virus. Since I don't use these programs (I use
> Ontrack, and have had no problems with it), I see it as THEIR issue. I
> would much rather see mozilla avoid the type of behaviour that makes
> these virii dangerous. I mean, come on, does *any* Windows mail client
> pop up a dialog box saying, "You are about to open an attachment that
> will most likely erase your hard drive. Do you want to proceed?"?
>
> I have *one* procmail recipe on my server that catches 99% of all
> Windows executable virii. This can't be that difficult to implement in
> e-mail clients.
