Open Bug 255150 Opened 15 years ago Updated 8 years ago
Indicate whether each attachment is safe to open
Indicate whether each attachment is safe to open by displaying an extra icon in the attachment pane. Display this icon again in the "What should Thunderbird do with this file?" dialog with explanatory text. This will protect novice users who do not have every extension memorized, and it will also protect frequent users of attachments who do not check the extension every time they open an attachment.

For files on the whitelist of safe data formats:
* Extra icon: Green check mark
* Icon tooltip: "Safe to open"
* Dialog text: "This type of file is safe to open."

For archives and unknown file types:
* Extra icon: Yellow question mark or yellow caution sign
* Icon tooltip: "May be unsafe"
* Dialog text: "Thunderbird cannot determine whether this file is safe to open."

For files on the blacklist of program file types:
* Extra icon: Red 'X' or red stop sign
* Icon tooltip: "Unsafe"
* Dialog text: "This file is a program and could contain malicious code."
* Additional text in dialog: "Malicious programs such as viruses can damage your computer or violate your privacy. Only run programs from sources you trust. Since e-mail can be forged easily, you should also verify in person or by phone that email@example.com e-mailed you this program and sent it intentionally."
* Change the "Open" button to "Run".
* Disable the "Run" button.

Some ideas for reducing the frequency of the "unknown" icon:
* If the operating system doesn't include safety information with file type registrations, work around that somehow. For example, provide an API for programs to tell Thunderbird whether files they handle are programs or safe data types.
* Make sure sysadmins can edit the whitelist and blacklist easily, so common file types within each company have the correct indicator.
* Allow sysadmins to instruct Thunderbird to treat unknown file types more like blacklisted file types.
* Upon opening a message containing an unknown type of attachment, query a database on mozilla.org to ask about the extension, mime type, and/or the program registered as the default handler.
* Upon opening a message containing a .zip, query into the zip to find out what types of files it contains. Display an icon based on the most dangerous type in the archive. Allow users to access files in the archive directly from Thunderbird as if each file were an attachment.

And, of course, a preference not to query any servers about attachments to avoid any "big brother" issues with registering each attachment you receive with a remote server.
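
The three-level indicator and the "query into the zip" idea from the report above, as an added Python sketch (not Thunderbird code and not part of the bug report). The extension lists, the entry cap and all function names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed sample lists; the report does not enumerate the extensions.
SAFE = {".txt", ".png", ".jpg", ".gif"}
UNSAFE = {".exe", ".scr", ".bat", ".com", ".pif", ".vbs"}
LEVELS = ("safe", "unknown", "unsafe")  # least to most dangerous
MAX_ENTRIES = 1000  # assumed cap so a huge archive cannot stall the UI


def classify_name(name):
    """Classify by final extension only; "photo.jpg.exe" is a program."""
    # Windows drops trailing dots and spaces, so "a.exe." still runs.
    cleaned = name.replace("\\", "/").rstrip(". ")
    ext = PurePosixPath(cleaned).suffix.lower()
    if ext in UNSAFE:
        return "unsafe"
    return "safe" if ext in SAFE else "unknown"


def classify_attachment(name, data):
    """Return the indicator level for one attachment (name plus raw bytes)."""
    if not name.lower().rstrip(". ").endswith(".zip"):
        return classify_name(name)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            entries = [i for i in archive.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return "unknown"  # unreadable archive: cannot vouch for it
    if not entries or len(entries) > MAX_ENTRIES:
        return "unknown"
    # Nested archives classify as "unknown", so they never read as safe.
    return max((classify_name(i.filename) for i in entries), key=LEVELS.index)


def build_zip(names):
    """Constructed sample input: an in-memory zip with dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for n in names:
            archive.writestr(n, b"sample")
    return buf.getvalue()
```

An archive only earns the green indicator when every entry is on the safe list; a single program entry, a nested archive or an unreadable file keeps it at yellow or red.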