[EMAIL PROTECTED] writes:
> >Russ Allbery writes:
> > > I'd like to back this up, and point out here that too much Microsoft
> > > bashing on this one is misplaced.
> >
> >Sorry, Russ, this *is* a Microsoft problem. When many people make the
> >same mistake, it is a failure of technology, not a failure of people.
> >Software that fails to adapt to people's usual and expected behavior
> >is wrong.
>
> Well, yes and no.
>
FWIW, what I did, since I use procmail as a local delivery agent with
qmail, is scan the top 50 lines of all incoming, (when its delivered
to the user's Mailbox out of ~/.qmail,) and if an attachment is found,
mime encapsulate around the attachment with a text warning the user
can't miss that attachments can contain evil stuff, click at your own
risk. It at least stops automatic execution of the MS Office
suite. (Unfortunately, it requires an RFC 932 compliant MUA on the PCs
to get a valid attachment, which are kind of hard to come buy-but
Netscape seems to work OK.) At least there is no excuse for someone
clicking on Melissa or Papa.
They can't say they didn't know.
Scanning the top 50 lines does not seem to hammer box resources too
bad, and is done on the rcpt's machine, which is not the mail server
in my case, (cheap Linux boxes work.)
John
BTW, I put the address of the sender of the attachment in the warning,
since procmail's formail will extract such stuff, and a statement that
if you don't know this person, don't click. Also, a link to an
IntrAnet page explaining the situation concerning the problems with
attachments, that link into the web media stuff, blah, blah, blah.
--
John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
[EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
