Closed nido009 closed 10 years ago
Hi nido009, I would agree with you only partially, because in some situations (when you have multi-tenancy setup) you would block/quarantine the infected mail but give the end user the possibility to download the attachment at HIS OWN RISK :) Otherwise, I would agree to block attachment downloads, but as far as I know it's a configuration permission that you can set in mailscanner to not allow attachments to be downloaded from the interface, however this will affect all the attachments in any mail flowing through your baruwa install. Perhaps Andrew can correct me if I'm wrong. Cheers, Anis
what about this: if attachment is affected allow admins to to download attachment. My problem: can't find the user-object in preview.html where i could check with is_admin().
We are investigating how best to implement this, we will release an update with a fix at some point in the near future.
when a user previews a infected message, he is able to klick on the attachment link and download the infected file.
baruwa/templates/messages/preview.html should handle infected attachments and do not offer them for download.
expected behavior of infected attachment is not to allow user download.