>This shouldn't break anything and should work... whether that's really
>what you really want to do (discard the data) is another question
>entirely. :-)
Well, my original question included: "And, is this even something I would
want to do?"
I haven't seen anyone object to this idea, and I really cannot think of any
time I have ever dealt with a partial message, so maybe blocking them
entirely would be a good idea. After some consideration, I really don't
think my user-base would be too confused by blank messages, because they
probably wouldn't get any anyway. Its like a VBS attachment now. If you
get it, its probably malicious (with few exceptions).
I like the patch idea, and it looks like it will work, but I won't be
implementing it, as I don't have any outlook users anyway (I just asked the
question in the first place, as a general security question)
OTOH, if this were to be implemented in a release, I for one, would prefer
to see it included as a new optional switch in the santizer.cfg file.
Something like "feat_partial_blocking".
That, and should something like this be done, it would be nice to have a
specific message go with it. Maybe a new line in the sanitizer.log???
----------------------------------------------------------------------------
Robert Litman