jesus X wrote: > I think the best solution would be to keep the mbox format, and have > Mozilla just remove the attachment portion of the message when deleting > it. Rather that writing header+body+encoded_attachment, strip out the > encoded_attachment part when writing to the mbox. It should be trivial, > since we already know how to add the encoded portion to outgoing mails, > this is just the same process in reverse. Deleting messages is the same. > You just remove a portion of the mbox and connect the two halves. Remove > the attachment portion of the header, and the attachment portion of the > body. This way we retain all the advantages of the standard mbox format, > and have a simple method of removing the attachment.
In the case of Eudora the mail seems to be stored in an mbox format. Went and double checked by opening it in Wordpad. It seems the only significant thing it does differently than Mozilla in this regard is strip the attachment before storing to the InBox. The message is stored in mbox format with a link to the attachment provided. In other words, about what you're describing. > Dealing with AV programs is more of an evangelism problem I think. > Frankly, they should be able to strip out an attachment from an MBOX > without destroying it. I'll volunteer to be on that evangelism team. > Working around minor shortcomings (or common ones like we have to with > quirks mode) is one thing. Having to cope with massive misbehavior is > another entirely. My concern is that this is too large a problem to be dealt with via evangelism. We're not talking about a web page not rendering here. Hundreds of thousands of users, if not into the millions, are running a wide variety of different versions of Symantec's AV product. I wouldn't even care to guess at InnoculateIT's numbers. It was a free download for a couple of years. I know a lot of folks that use it still, as CA is still providing updates. No new versions of this app will come out as I explained earlier. While I fully agree that the AV apps should never be so stupid as to not understand mbox, it doesn't get around the fact that they apparently don't. Going after all the AV apps out there feels too much like attacking windmills to me. > Whatever we choose, I feel strongly we need to retain the mbox format. The > possibility that it will break digital signatures is only valid to the > point that if a signed message contains a virus, the sender has bigger > problems than verification of identity. I really wouldn't worry about it. > At worst, relnote that deleting attachments may break digital signatures. I don't use digital sigs myself, so I'm not especially familiar with their use. Since I'm basing my opinions on functionality around what Eudora is doing I'll see if I can figure out how they handle this. I suspect that they just don't strip out a sig, while detatching the other attachments. I'd imagine it's fairly straight forward to tell a sig apart from other kinds of attachments. Later on, -- "Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark to read." - Groucho Marx
