Hello Gwen, 

> why are we not able to disable previews and tabs of attachments in 
> message list by settings?

To disable attachment preview, use the "Attachment auto-preview" option in the 
attachment pane popup or "Workspace|Attached files|Attachment auto-preview".
 

> I am really concerned about security issues related to the attachment 
> viewer.

We have tested the code and it's proven to be safe. We've tested against 
existing exploits and we see that the exploits don't work with The Bat!
 
 
> 1. If attachments are rendered by Chromium CEF, there are always 
>    security issues in the browser viewer part of The Bat!. 

Attachments are first converted into safe and simple HTML code, so what 
security issues do you see there?
 

> 3. The Bat!'s XML parser for some data types can be vulnerable.
 
No security issues were found so far.
 
 
> 2. A vulnerability could be the unpacking of compressed 
>    data. 

No security issues were found in the ZIP library so far. Yeah, ZIP bombs may 
cause "out of memory" messages, but that's the only bad thing that may happen.

> I think there is a real need for never opening attachments, not even hidden 
> internally!, if that is forbidden by The Bat! settings.

Attachments are read in a very similar way as parsing email messages. If the 
parsing code is good enough, why should you worry? Parsing emails or images or 
protocols is also a potentially vulnerable task if a wrong coding approach is 
taken, especially when it comes to cryptography. Just take a look at logged The 
Bat! security/vulnerability issues - do you see many found in 25 years?


-- 
Best regards,
Stefan Tanurkov


________________________________________________________
'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
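
The ZIP-bomb point in the reply above, as an added example that is not part of the original message and is not The Bat!'s code: a Python routine that unpacks an attachment archive only within a fixed budget, so an oversized archive is rejected instead of exhausting memory. The function names, the limits and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

class UnsafeArchive(Exception):
    """Raised when an archive exceeds the preview limits."""

def safe_extract(data, max_total=16 * 1024 * 1024, max_ratio=100, max_entries=1000):
    """Unpack an in-memory ZIP, refusing bomb-like archives (limits are assumed values)."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > max_entries:
            raise UnsafeArchive("too many entries")
        # Cheap pre-checks on the sizes declared in the central directory.
        for zi in infos:
            if zi.file_size > max_ratio * max(zi.compress_size, 1):
                raise UnsafeArchive("ratio too high: " + zi.filename)
        if sum(zi.file_size for zi in infos) > max_total:
            raise UnsafeArchive("declared size over budget")
        # Enforce the budget again on bytes actually produced while streaming.
        for zi in infos:
            if zi.is_dir():
                continue
            buf = bytearray()
            with zf.open(zi) as fh:
                while chunk := fh.read(64 * 1024):
                    total += len(chunk)
                    if total > max_total:
                        raise UnsafeArchive("output over budget")
                    buf += chunk
            out[zi.filename] = bytes(buf)
    return out

def make_zip(members):
    """Build a constructed sample archive in memory."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return bio.getvalue()

if __name__ == "__main__":
    print(safe_extract(make_zip({"note.txt": b"hello attachment\n"})))
    try:
        safe_extract(make_zip({"zeros.bin": b"\0" * (8 * 1024 * 1024)}))
    except UnsafeArchive as exc:
        print("rejected:", exc)
```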
