3 replies to this topic

[kvernick]

I see one new feature in v2, the directory for downloaded email attachments now propagates untrusted status to all files in the directory, no matter how they were put there (even you copy a trusted file into the download directory, it becomes untrusted). This is great! Before, email attachments were downloded as trusted, a potentially big security leak.

However, MS Word attachments behave better in DW beta4 than Acrobat PDF files.

For MS Office files, open the file by clicking on it starts (Word, excel, etc) in untrusted mode. However, open downloaded (untrusted) acrobat files by clicking and Acrobat program starts as trusted (or at least the header does not say untrusted). However, if you open an acrobat file by clicking the icon INSIDE the email (ie, in the untrusted Eudora program), then Acrobat starts as untrusted.

See what I mean? - Downloded ms office files are untrusted no matter how you open them, but downloaded PDF, even though their status is untrusted, will run as trusted if double-click the (untrusted) file itself.

I don't know about other file types, I didn't try but these 2 kinds probably cover most attachments.

[Ilya Rabinovich]

Well, I haven't heard about malicious code within .pdf files. Yes, I may track those files, but is there any sense with it?

[kvernick]

Well I agree If there are no known security problems with PDF files, which I haven't heard of, then it doesn't seem like a high priority to deal with it

[Ilya Rabinovich]

Anyway, you always can run .pdf file as untrusted manually.