Closed Bug 266429 Opened 20 years ago Closed 20 years ago

Request: Antivirus integration to scan incoming email messages and remove infected attachments

Categories

(Thunderbird :: General, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 247223

People

(Reporter: vngarla, Assigned: mscott)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1

Every commercial email client (Outlook, Outlook Express, Lotus Notes, ...) and
some Open Source clients (KMail) support antivirus integration for scanning
email messages.  Thunderbird needs this functionality.  It is a well known fact
that email attachments are the most common infection vector.  Although the
attachments may not affect mozilla directly, a user who opens an attachment
which contains a virus will infect his system.  

In addition, mozilla opens image files in html emails; this can be exploited
(see http://www.linuxsecurity.com/advisories/redhat_advisory-4486.html), i.e.
thunderbird is vulnerable to buffer overflow attacks.

It is the job of AV software to kill viruses.  However, neither Thunderbird nor
Mozilla allow AV to do its job.  For all their security problems, Outlook and
Outlook Express have hooks which AV software can use to scan incoming mail, and
reject mail/attachments with viruses. Mozilla/Thunderbird has no such interface,
so it is not possible for AV software to remove infected attachments. 
Furthermore, although it is possible for AV software to scan the mail files on
the harddisk, it doesn't do much good: as documented in
http://www.mozilla.org/start/1.5/troubleshooting/#virus, users are instructed to
*not* scan mail files.

Thunderbird is meant for all users.  All users include people who
indiscriminately open attachments, and rely on AV software to protect them.

In light of the fact that kmail has av support, it shouldn't be too difficult to
leverage some of that code.



Reproducible: Always
Steps to Reproduce:
1. I can reproduce this limitation easily - I'll just send you an infected
attachment
2. You'll see the mail with infected attachment in your inbox.
3.  If you have a scanner activated, scan your mail file - the scanner will
identify the virus, but will be unable to clean the mail file.




Expected Results:  
Removed the attachment from the email, in its place, added a note saying that
the infected attachment was removed/quarantined.

Searching Bugzilla is not always easy, but searching on "virus" easily pointed 
me to the duplicate.  Please do not file bugs until you've made an effort to 
find an existing report.


(In reply to comment #0)
> In addition, mozilla opens image files in html emails; this can be exploited
> (see http://www.linuxsecurity.com/advisories/redhat_advisory-4486.html), i.e.
> thunderbird is vulnerable to buffer overflow attacks.

That has nothing to do with AV.  In fact, current versions of TB do *not* open 
images in HTML messages by default, and you can make various settings (e.g. 
View|Message Body As|Simple HTML) to prevent it from happening at all.

*** This bug has been marked as a duplicate of 247223 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE

Oh, I didn't notice -- *you* filed the earlier bug.  Do not refile bugs.

My mistake -- you did not file that dupe, but you've already commented there 
multiple times.

(In reply to comment #3)
> My mistake -- you did not file that dupe, but you've already commented there 
> multiple times.

Sorry, didn't mean to refile, however the old bug was left as unconfirmed.  The 
point is, attachments need to be scanned.  I'll go ahead and confirm bug 247223 
(as I said, it is fairly easy to reproduce).

(In reply to comment #3)
> My mistake -- you did not file that dupe, but you've already commented there 
> multiple times.

Can't change the status - only the owner can do that.  This is what I wanted to 
say in the comment while changing the status:

This 'bug' is fairly easy to reproduce.

Reproducible: Always
Steps to Reproduce:
1. I can reproduce this limitation easily - I'll just send you an infected
attachment
2. You'll see the mail with infected attachment in your inbox.
3.  If you have a scanner activated, scan your mail file - the scanner will
identify the virus, but will be unable to clean the mail file.

Expected Results:  
Thunderbird should 
- scan attachments on incoming email
- remove infected attachments from the email
- in their place, add a note saying that the infected attachment was removed or 
quarantined.
Status: RESOLVED → VERIFIED
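
The "Expected Results" requested above (scan attachments, remove infected ones, leave a note in their place), sketched as an added example that is not part of the original report and not Thunderbird code. It works on a single RFC 5322 message using Python's standard `email` package; `is_infected`, `MARKER`, `quarantine_attachments` and `sample_message` are hypothetical names, and the marker-based scanner stands in for a real antivirus engine.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in signature for the demo; not a real malware pattern.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"

def is_infected(payload: bytes) -> bool:
    """Hypothetical scanner hook; a real setup would call an AV engine here."""
    return MARKER in payload

def quarantine_attachments(raw: bytes, scan=is_infected):
    """Scan one RFC 5322 message; return (cleaned_bytes, removed_filenames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart() or not part.is_attachment():
            continue
        # decode=True undoes base64/quoted-printable so the scanner sees
        # the bytes the user would actually open.
        payload = part.get_payload(decode=True) or b""
        if not scan(payload):
            continue
        name = part.get_filename() or "unnamed"
        removed.append(name)
        # set_content() clears the old payload and Content-* headers, so the
        # part becomes an inline text note in the attachment's place.
        part.set_content(
            f"[The infected attachment {name!r} was removed/quarantined.]\n"
        )
    return msg.as_bytes(), removed

def sample_message() -> bytes:
    """Constructed sample: one flagged and one clean attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("See attached.\n")
    m.add_attachment(b"payload " + MARKER, maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    m.add_attachment(b"plain notes", maintype="application",
                     subtype="octet-stream", filename="notes.bin")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = quarantine_attachments(sample_message())
    print(removed)
    print(cleaned.decode())
```

Rewriting each message before it is stored avoids the problem described in the report, where a scanner can identify the virus in the mail file but cannot clean it.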