[Users] [Bulk] Re: [Bulk] Re: Claws config needs much better documentation

Kevin Chadwick ma1l1ists at yahoo.co.uk
Tue Jul 31 13:20:56 CEST 2012


On Tue, 31 Jul 2012 15:10:18 +0530
Sitaram Chamarty wrote:

> > Executing a virus and having the password stolen that they also use for
> > their front door or Googles admin servers ;-) might be surprising too.  
> 
> I didn't understand this.  Are you saying opening a message may pull
> in malware on Claws?
> 
> Even the default config for the "fancy" plugin has "Block External
> content" and keeps JS and Java disabled.
> 
> Could you help me understand what you meant?

Outlook has had many exploits that are related to html parsing. Even
png and jpeg have had many exploits on Unix. By default I expect
you have a reasonable guarantee on claws with regard to the html to text
feature. I'm not sure what the default is for "Automatically Display
attached images" in preferences but there is certainly plenty more low
hanging fruit on other clients for malware to target. It annoys me that
there is only html mode on my constantly known bug ridden Android at the
moment.



More information about the Users mailing list