jesus X wrote:
> Attachments being stored in a separate file is a good idea. But we must maintain > the message portion in a standard mbox for maximum compatibility. I would be > more than happy to give up importing attachments for this extra layer of > security, so long as I can still import mail to other apps. Plus, sometimes you > just need to open the mail file and edit it manually, for various reasons... I don't understand the "extra layer of security" part that would be magically imparted by saving the attachments in a separate location. They are still as deadly as they were when they were part of the message/mbox. I realize we're discussing the security of the mbox as a whole, protecting it from the AV program, but in this case it is the AV program that is behaving like a virus. Since I don't use these programs (I use Ontrack, and have had no problems with it), I see it as THEIR issue. I would much rather see mozilla avoid the type of behaviour that makes these virii dangerous. I mean, come on, does *any* Windows mail client pop up a dialog box saying, "You are about to open an attachment that will most likely erase your hard drive. Do you want to proceed?"? I have *one* procmail recipe on my server that catches 99% of all Windows executable virii. This can't be that difficult to implement in e-mail clients.
