Hello Stefan, why are we not able to disable previews and tabs of attachments in message list by settings?
I have disabled opening attachments of Microsoft Office data and other types, but the preview tab is always visible and shows a preview of f.ex. MS documents when accidentally clicked on this tab. This means for me such attachments are internally open and rendered. I am really concerned about security issues related to the attachment viewer. My questions now: how do you protect us The Bat! users from malicious attachments? 1. If attachments are rendered by Chromium CEF, there are always security issues in browser viewer part of The Bat!. And Chromium sandbox is not really a good protection. 2. Vulnerability could be the unpacking of compressed data. Think about a so called ZIP bomb or a compressed archive which is decompressed by a vulnerable zlib (or similar) program lib of The Bat!. 3. The Bat!'s XML parser for some data types can be vulnerable. I think there is a real need of never opening attachments, not even hidden internally!, if that is forbidden by The Bat! settings. Please take some time and explain us why The Bat! is still stay safe related to attachments. -- Regards Gwen Using The Bat! Version 10.3.2 (32-bit) on Windows 10.0 (Build 19045 )
pgpzLTLUSqnqJ.pgp
Description: PGP signature
________________________________________________________ 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
