Is Eudora able to save inline pics as attachment instead of viewing them at once?

[Juergen]

Hi,

I am still using Eudora 6.2 (English version) on Win7 and am receiving
more and more emails with inline pictures. Because of security reasons I
want to prevent inline images from being viewed automatically.

In preferences I have selected

ATTACHMENTS = receive MIME digest as mailbox attachment

DISPLAY = NOT selected "automatically download HTML graphics"
NOT selected "show attachment images inline"
NOT selected "display emoticons as pictures"

VIEWING MAIL = NOT selected "allow executables in HTML content"

Is it possible to prevent inline images from being viewed automatically?
Possible to tell Eudora to save them as "attachments" to be viewed later?

Juergen

[John H Meyers]

On 9/28/2011 1:52 PM, Juergen wrote:

> I am still using Eudora 6.2 (English version) on Win7

6.2.what? I would never even consider keeping anything older than
6.2.3.4, although for Windows 98 I might suggest 6.2.5.6,
if version 7.1 causes any issue with the address book.

Why not 7.1.0.9 with all final improvements, including free paid reg. code?

> Because of security reasons
> I want to prevent inline images from being viewed automatically.

What exactly is the security threat that you think exists with viewing images?
Do you have any references describing that threat?

The following report is a threat not caused by images themselves,
but by images that are used with links to web sites offering malware downloads:
<http://isc.sans.edu/diary/More+on+Google+image+poisoning/10822>

I'm trying to find a report about images that, by themselves,
cause harm when displayed, but I'm having difficulty finding any,
except for this very old one about a Windows vulnerability
(for Windows-specific file type ".wmf" only)
which should have been fixed years ago by Windows updates,
or by anti-virus products which automatically screen files:

<http://technet.microsoft.com/en-us/security/advisory/912840>
<http://technet.microsoft.com/en-us/security/bulletin/ms06-001>
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4560>

Has anyone knowledge of any more recent reports,
particularly any that apply to any other type of image,
and are still outstanding vulnerabilities of any software?

It's a good thing that images are not living souls
of people being shunned for unfounded reasons.

> NOT selected: "automatically download HTML graphics"

Means no downloading images from web.

> NOT selected: "show attachment images inline"

Means not to display images specifically attached as separate files,
rather than as part of the message body.

> NOT selected: "display emoticons as pictures"

The "emoticon" images, when displayed, are actually a set of ".png" files
that _come with Eudora_ and are found in the three "Emoticons" folders
in the Eudora _program files_ (each folder has identical file names,
one file per emoticon, but one folder is for smallest images 16x16,
one folder for medium 24x24, and one folder for large 32x32)

There is no danger from displaying the Eudora-provided emoticons,
which is lucky for you, because even just clicking the emoticon selector
while composing a message displays all 24 of them in the selection list,
even if none will be displayed in the composed message body itself :)

Here they all are on the web, as GIFs (Gigantic Infectious Firebombs?)
http://www.eudora.com/email/features/emoticons.html

> NOT selected "allow executables in HTML content"

Means things like javascript; images are not "executable."

> Is it possible to prevent inline images from being viewed automatically?

Images fetched from web can be suppressed as above.

To suppress images included with messages, you might try using Microsoft's viewer
and setting Internet Explorer's "Internet Options" to display no images at all.

> Possible to tell Eudora to save them as "attachments" to be viewed later?

All "embedded" images are automatically separated from incoming messages
and saved in the "Embedded" sub-folder of the user "data" folder.

You can delete them all, if desired, to prevent any possible chance
of subsequent spontaneous combustion :)

--

[John H Meyers]

On 10/01/2011 3:27 AM, John H Meyers wrote:

> Has anyone knowledge of any more recent reports,
> particularly any that apply to any other type of image,
> and are still outstanding vulnerabilities of any software?

Here's another quite old (2005) report, involving Apple QuickTime,
which Eudora may use to internally display some images:

http://support.apple.com/kb/TA23845

That refers to a vulnerability in QuickTime 7.0.3 and earlier versions.

The current version of QuickTime is 7.7

Rush out and download it here:
<http://www.apple.com/quicktime/download/>

--

[Juergen]

on 01.10.2011 10:27, John H Meyers wrote:
> On 9/28/2011 1:52 PM, Juergen wrote:

> 6.2.what? I would never even consider keeping anything older than
> 6.2.3.4, although for Windows 98 I might suggest 6.2.5.6,
> if version 7.1 causes any issue with the address book.

Sorry, I am using 6.2.5.6 and I am satisfied with it: no crash, no lost
emails, most preferences very simple to understand (only using the
special prefs via input commands are little complicated to remember for
me...). 4000 emails with 54 MB is ok with me.

> Why not 7.1.0.9 with all final improvements, including free paid reg. code?

You have given me this advice some time ago, thanks, and I have already
downloaded this version. But nevertheless I'm afraid little bit (only
little bit) to change a running system, not because of Eudora itself :-)
BTW. is it possible to install 7.1.0.9 while 6.2.5.6 could stay intact?
Perhaps even using both versions parallel? Then I could use 6.2.5.6 as
"backup-system" for viewing and searching older emails only and use
newer version from scratch?

One and only prob with Eudora is not being able to view UTF-8 for input
mails correctly, but... those mails I don't receive often, so it's ok
with me.

>> Because of security reasons
>> I want to prevent inline images from being viewed automatically.
>
> What exactly is the security threat that you think exists with viewing images?
> Do you have any references describing that threat?

My own provider now is working like phishing black hats: sending mass
emails via flonetwork.com (incl their message-ID) but with different
sender adddresses. And this email about changing special contract data
looks like a phishing mail incl links to a website for checking personal
data I am very careful. Ok, I know to read headers and, thanks to
Eudora, to read and check email-source.

> The following report is a threat not caused by images themselves,
> but by images that are used with links to web sites offering malware downloads:
> <http://isc.sans.edu/diary/More+on+Google+image+poisoning/10822>

Thanks, very interesting. Is this possible with inline images in Eudora,
too? Attachments I don't click from within Eudora and I deselected to
load images from Web since ever ;-)

Thanks for the other links, too.

>> NOT selected: "automatically download HTML graphics"
> Means no downloading images from web.

That's what I've learned long long time ago ;-) BTW, it's a great
feature that Eudora will show the "real" URL before clicking a link...

>> NOT selected: "display emoticons as pictures"
> The "emoticon" images, when displayed, are actually a set of ".png" files

I mentioned this pref only to show what I've done on my side, but
emoticons I hope can do no harm. But... I wanna read an email, not to
view jumping emoticons ;-)

>> NOT selected "allow executables in HTML content"
> Means things like javascript; images are not "executable."

is it same with pdf? I read about "launch"-command in Adobe Reader (my
version presently still 9.1.0).

>> Possible to tell Eudora to save them as "attachments" to be viewed later?
> All "embedded" images are automatically separated from incoming messages
> and saved in the "Embedded" sub-folder of the user "data" folder.

I know, it's wise from Eudora to do so.

> You can delete them all, if desired, to prevent any possible chance
> of subsequent spontaneous combustion :)

Right, could be a chance for me to look first at the "Embedded"
sub-folder to view latest images before opening emails... thanks.

Juergen

[Juergen]

Am 01.10.2011 10:27, schrieb John H Meyers:
> What exactly is the security threat that you think exists with viewing images?
> Do you have any references describing that threat?

E.g. here little snippet of source of an email from SBSH with
"clickable" inline-pictures I don't like. I've anonymized little bit
what I think is a member-ID. SBSH is not my email-provider, only
advertising.

Do you know if this way could become dangerous?

> <td nowrap valign=middle style="padding:0px;">
> <img src="http://downloads.sbsh.net/nl/2011_09_android_safewallet_1_1_3/pictures/spacer.gif"
> width="6" height="1">
> <a href="http://members.sbsh.net/lt.php?c=54&m=58&nl=13&s=####anon#####&lid=1006&l
> =-http--twitter.com/intent/tweet--Q-text--E-RT--PL-@sbshsoft%3A--PL-SafeWallet--
> PL-Password--PL-Manager--PL-for--PL-Android--PL-adds--PL-integrated--PL-browser--
> PL-with--PL-auto--PL-form--PL-filling--PL----PL-browse--PL-with--PL-ease--
> PL-http%3A%2F%2Fgoo.gl%2FK80n0" target="_blank">
> <img src="http://downloads.sbsh.net/nl/2011_09_android_safewallet_1_1_3/
> pictures/share_twitter.gif" align=middle border=0></a>
> <img src="http://downloads.sbsh.net/nl/2011_09_android_safewallet_1_1_3/pictures/spacer.gif"
> width="2" height="1">
> <a href="http://members.sbsh.net/lt.php?c=54&m=58&nl=13&s=####anon#####&lid=1007&l
> =-http--www.facebook.com/share.php--Q-u--E-http%3A%2F%2Fgoo.gl%2FK80n0--A-t--E-
> SafeWallet--PL-Password--PL-Manager--PL-for--PL-Android--PL-adds--PL-integrated--
> PL-browser--PL-with--PL-auto--PL-form--PL-filling--PL----PL-browse--PL-with--PL-ease"
> target="_blank">
> <img src="http://downloads.sbsh.net/nl/2011_09_android_safewallet_1_1_3/
> pictures/share_facebook.gif" align=middle border=0></a>
> <img src="http://downloads.sbsh.net/nl/2011_09_android_safewallet_1_1_3/pictures/spacer.gif"
> width="2" height="1">
etc etc...

Juergen

[Han]

Dennis Lee Bieber <wlf...@ix.netcom.com> wrote in
news:oLudnaFcmvEQtRTT...@earthlink.com:

> Pity though that Eudora doesn't have a "show source" which would
> display the raw original message contents including embedded images.

My Eudora 7.1.0.9 has a right-click option to "view source" when you
rightclick in the eudora text field. (I just tried with a promo from Am
Expr).

--
Best regards
Han
email address is invalid

[Juergen]

On 03.10.2011 05:14, Dennis Lee Bieber wrote:
> Pity though that Eudora doesn't have a "show source" which would
> display the raw original message contents including embedded images.

by right-clicking anywhere in mailbody within Eudora there is a
pop-up-menu with choice "view source". That's where I got the
source-snippets I posted.

> Embedded images are likely sent using MIME blocks to identify the image.
> (Note that MIME does NOT automatically mean HTML)... See:

from my posted snippet one excample...

| <img src="http://downloads.sbsh.ne

| /nl/2011_09_android_safewallet_1_1_3/pictures/spacer.gif"
| width="6" height="1">

| <a href="http://members.sbsh.net/...etc

Why I feel unsafe is, is the pic described after "img src=..." sent as
inline pic together with the body text _or_ is this image loaded from
web during I opened this email in Eudora?

See
http://liesmal.homepage.t-online.de/eudora-inline.jpg
as the start of what Eudora is viewing to me, its really just the start
of the email-body.. I think I haven't clicked anything in this email but
only opened email in Eudora.

This kind of email I receive more and more and... I don't like :-(

Juergen

[Han]

Juergen <mac...@arcor.de> wrote in
news:4e8a001e$0$6552$9b4e...@newsspool4.arcor-online.net:

Actually, it is for examining of emails I perhaps don't like that I use
MailWasherPro to take a pure ASCII look at them. MWP doesn't render
html, or download anything, but it can delete emails off the server that
sends you your email. Of course if something comes in between the time
MWP has downloaded it and the time you let Eudora download it, other
emails could have come in. But generally I let MWP download all my
email from several accounts, examine it, delete what I don't like, then
make MWP start up Eudora to get what I do want. There is also a free
version. <http://www.mailwasher.net/>

[Han]

Dennis Lee Bieber <wlf...@ix.netcom.com> wrote in

news:af2dnZIlLvXDEBfT...@earthlink.com:

> On Mon, 03 Oct 2011 20:34:00 +0200, Juergen <mac...@arcor.de>
> declaimed the following in comp.mail.eudora.ms-windows:

>
>> On 03.10.2011 05:14, Dennis Lee Bieber wrote:
>> > Pity though that Eudora doesn't have a "show source" which
>> > would
>> > display the raw original message contents including embedded
>> > images.
>>
>> by right-clicking anywhere in mailbody within Eudora there is a
>> pop-up-menu with choice "view source". That's where I got the
>> source-snippets I posted.
>>

> Which may be /after/ Eudora already preprocessed the raw message
> source.

>
>> > Embedded images are likely sent using MIME blocks to identify the
>> > image. (Note that MIME does NOT automatically mean HTML)... See:
>>
>> from my posted snippet one excample...
>>
>> | <img src="http://downloads.sbsh.ne
>> | /nl/2011_09_android_safewallet_1_1_3/pictures/spacer.gif"
>> | width="6" height="1">
>> | <a href="http://members.sbsh.net/...etc
>>
>> Why I feel unsafe is, is the pic described after "img src=..." sent
>> as inline pic together with the body text _or_ is this image loaded
>> from web during I opened this email in Eudora?
>>

> Well... disable your network connection and then start Eudora and
> open the message... Messages loaded from a web-site won't load...
>
> Embedded images are encoded IN THE MESSAGE (from which Eudora
> extracts and saves in the "embedded" directory) using some form of
> binary to text equivalence -- BASE64. An embedded image does not have
> a URL.
>
> http://en.wikipedia.org/wiki/Base64
>
> During the preprocessing by Eudora, it looks for such MIME
> blocks,
> decodes them into image files which are stored locally, and only saves
> a processed version of the message (that is, if a message was sent
> with alternate representations -- HTML/Rich Text AND plain text, it
> tends to keep the HTML/Rich Text version and deletes the plain text
> copy; similarly the BASE64 image data has been stripped).

NOTE also:
Using preview of an email in Eudora is the same as totally opening that
message for purposes of decoding and processing. I like the preview, but
avoid most "bad" emails by using Mailwasher as detailed elsewhere in this
thread.

[Juergen]

On 04.10.2011 06:36, Dennis Lee Bieber wrote:
> Messages loaded from a web-site won't load...

Thanks for idea, will give a try to see what will happen.

Juergen

[John H Meyers]

On 10/01/2011 3:16 PM, Juergen wrote:

> I am using 6.2.5.6 and I am satisfied with it: no crash

7.1 is said to be more crash resistant than 6.x,
particularly in regard to large "system" mailboxes;
the list of other bugfixes in "Release Notes" might be educational.

> no lost emails

Since when does 7.1 lose emails?

> most preferences very simple to understand

There is virtually no change in Eudora's preferences over time;
in fact, one aspect of asking for passwords has been made clearer,
with a "remember" check box now in the pop-up which asks for the password.

Built-in help for preferences
(with context-sensitive "?" help tool) is still present.

> Is it possible to install 7.1.0.9 while 6.2.5.6 could stay intact?

> Perhaps even using both versions parallel?

I have multiple versions installed, each into its own separate "programs" directory,
and can use any one version at a time with any one "user data" folder.

--

[Juergen]

Am 06.10.2011 03:37, schrieb John H Meyers:
> I have multiple versions installed, each into its own separate "programs" directory,
> and can use any one version at a time with any one "user data" folder.

Thanks. So I will intall at last 7.1 besides my 6.5.

Juergen