Open Bug 255150 Opened 15 years ago Updated 8 years ago

Indicate whether each attachment is safe to open


(Thunderbird :: Mail Window Front End, enhancement)

Windows XP
Not set


(Not tracked)


(Reporter: jruderman, Unassigned)


(Blocks 1 open bug)


Indicate whether each attachment is safe to open by displaying an extra icon in
the attachment pane.  Display this icon again in the "What should Thunderbird do
with this file?" dialog with explanatory text.

This will protect novice users who do not have every extension memorized, and it
will also protect frequent users of attachments who do not check the extension
every time they open an attachment.

For files on the whitelist of safe data formats:

* Extra icon:    Green check mark
* Icon tooltip:  "Safe to open"
* Dialog text:   "This type of file is safe to open."

For archives and unknown file types:

* Extra icon:    Yellow question mark or yellow caution sign
* Icon tooltip:  "May be unsafe"
* Dialog text:   "Thunderbird cannot determine whether this file is safe to open."

For files on the blacklist of program file types:

* Extra icon:    Red 'X' or red stop sign
* Icon tooltip:  "Unsafe"
* Dialog text:   "This file is a program and could contain malicious code."
* Additional text in dialog: "Malicious programs such as viruses can damage your
computer or violate your privacy.  Only run programs from sources you trust. 
Since e-mail can be forged easily, you should also verify in person or by phone
that e-mailed you this program and sent it intentionally."
* Change the "Open" button to "Run".
* Disable the "Run" button.
Some ideas for reducing the frequency of the "unknown" icon:

* If the operating system doesn't include safety information with file type
registrations, work around that somehow.  For example, provide an API for
programs to tell Thunderbird whether files they handle are programs or safe data

* Make sure sysadmins can edit the whitelist and blacklist easily, so common
file types within each company have the correct indicator.

* Allow sysadmins to instruct Thunderbird to treat unknown file types more like
blacklisted file types.

* Upon opening a message containing an unknown type of attachment, query a
database on to ask about the extension, mime type, and/or the
program registered as the default handler.

* Upon opening a message containing a .zip, query into the zip to find out what
types of files it contains.  Display an icon based on the most dangerous type in
the archive.  Allow users to access files in the archive directly from
Thunderbird as if each file were an attachment.
And, of course, a preference not to query any servers about attachments to avoid
any "big brother" issues with registering each attachment you receive with a
remote server.
QA Contact: front-end
Assignee: mscott → nobody
You need to log in before you can comment on or make changes to this bug.