[Users] [Bulk] Re: [Bulk] Re: Claws config needs much better documentation

Sitaram Chamarty sitaramc at gmail.com
Tue Jul 31 14:24:38 CEST 2012


On Tue, Jul 31, 2012 at 4:50 PM, Kevin Chadwick <ma1l1ists at yahoo.co.uk> wrote:
> On Tue, 31 Jul 2012 15:10:18 +0530
> Sitaram Chamarty wrote:
>
>> > Executing a virus and having the password stolen that they also use for
>> > their front door or Googles admin servers ;-) might be surprising too.
>>
>> I didn't understand this.  Are you saying opening a message may pull
>> in malware on Claws?
>>
>> Even the default config for the "fancy" plugin has "Block External
>> content" and keeps JS and Java disabled.
>>
>> Could you help me understand what you meant?
>
> Outlook has had many exploits that are related to html parsing. Even

Who asked about Outlook?

> png and jpeg have had many exploits on Unix. By default I expect
> you have a reasonable guarantee on claws with regard to the html to text
> feature. I'm not sure what the default is for "Automatically Display
> attached images" in preferences but there is certainly plenty more low
> hanging fruit on other clients for malware to target. It annoys me that
> there is only html mode on my constantly known bug ridden Android at the
> moment.

You basically threw up a strawman argument to bolster your contention
that the current default is safer when it actually has nothing to do
with safety.



More information about the Users mailing list