[Alpine-info] attachments and ms defender - ideas?

Andrew C Aitchison andrew at aitchison.me.uk
Thu Jul 20 14:47:11 PDT 2023


On Thu, 20 Jul 2023, superaorta at gmail.com wrote:


> My mail provider via outlook has turned on ms defender attachment
> scanning. If I understand this correctly emails are delivered
> immediately but attachments are scanned off-line. In the immediate
> delivery the attachments are replaced by a link to a "preview". If
> the attachments are found to be "safe" then, in outlook, these
> preview links are replaced by the attachment.
>
> Since I hook emails off the outlook server before the scans take
> place (but end up reading them after the scans have completed) I
> only receive the preview link (which is dead by then because the
> scan is complete).
>
> I can't be the only person to have encountered this...
>
> Any idea how to deal with this situation or to turn this behaviour
> off? I realise this isn't an "alpine" problem per se and just a
> problem using alpine against a dumb idea/policy but I'm stuck with
> it and need to work out a way around!


This appears to be called "Dynamic Delivery"
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-about?view=o365-worldwide#dynamic-delivery-in-safe-attachments-policies

It is possible that the malware is not known when the message was
received, but is known when you come to read it, so the attachments
may not actually be scanned until you attempt to download them from
the server.

How do the messages reach Alpine?
If I remember correctly (and I may not) with IMAP (but not POP3)
Alpine keeps a list of messages it has downloaded. Maybe you could
adjust that file to cause the messages to be downloaded again?

--
Andrew C. Aitchison Kendal, UK
andrew at aitchison.me.uk


