[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Re: KMail and WINE integration - virus
From: Roger Larsson <roger.larsson () norran ! net>
Date: 2002-10-24 15:31:05
[Download RAW message or body]
On Thursday 24 October 2002 14.01, Daniel Naber wrote:
> On Thursday 24 October 2002 08:44, Roger Larsson wrote:
>
> > * Require approval when starting executables?
>
> We show a dialog for *any* attachment. I don't know how you can click on an
> attachment without getting a dialog (except for forwarded mails). Please
> forward such a message.
Maybe that is the problem. People get used to always click "Open"
that they do not note that a executable is far worse...
Color it red with a bomb when it is an executable - script, PE or ELF.
But of cause *.pdf was one of the most recent problems...
>
> > get when opening a .ps ... It should be big and red and not possible to
> > turn of! (use 'file' to check - file extention is not safe)
>
> Even the warning for *.ps etc cannot be turned off.
>
> > * Running in chroot jail?
>
> This is not KMail specific, besides the problem that things might not work
> in a jail.
Well it kind of KMail specific, since KMail and Konqueror are the most likely
entry point for malicious code/data...
But it could be the right way anyway.
Suppose all attachments are opened in a jail - ultimate distrust of stuff
received from outside. But then web browsing should be run in that jail
too... Can konqueror run in a jail.
With this it would be possible to prevent malicious code to read/modify your
private configuration files. It could add itself to Autostart, or hook into
applinks.
/RogerL
--
Roger Larsson
Skellefteċ
Sweden
_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic