Michael Collette wrote:
> Normally this buggy behavior doesn't occur, but a recent virus called
> BadTrans attempts via HTML to launch a still attached virii.
I have several comments:
1) I don't understand how HTML has the capability to launch /anything/.
2) Norton has an option called, "Exclude selected files and folders".
I would assume other major utilities do too. Why can't a warning
go into the release notes that tells the user to exclude the mozilla
mail directory? This option would involve far less effort and
development risk.
3) I don't believe Mozilla could ever handle attachments right if it
were to transcribe them into files. There are several complexities:
a) Mozilla should handle every variant of the MIME standard,
including the complexity of nested attachments that may contain
alternative media types for the same component. Alternative media
types require human intervention to choose the alternative when disk
space is tight.
b) When an attachment is large and disk space is tight, having the
attachment in the mbox file while Mozilla automatically transcribes it
to a separate file is undesireable when the disk runs out of space.
Mozilla has to handle the exception case that requires additional
complexity.
4) Improving MIME handling is something I see as necessary in any
case, and it does solve the issues enumerated in (3) above.
> This may seem narrow minded, but additional functionality in regards to
> manipulating attachments isn't the solution, as it doesn't address the
> problem. The root problem is dataloss due to program interaction.
I agree with you. Manipulating attachments doesn't address the AV
utility problem. I recommend using release notes to address problems
with external interactions like a lot of other software does.
Automatically transcribing attachments into local files has the
potential to cause more problems than it solves, and it's an
/expensive/ way to solve the problem. I strongly believe the Right
Way to handle attachments is to better support MIME within the mbox
file. Adding a feature to transcribe attachments to disk seems
superfluous, undesireable, and error-prone.
--
6e77a 70 6e 6e7a!
Remove the _no_spam_ from my email address to reach me.
