Virus / Malware Scanning for Attachments
Prevent known malware by automatically checking email attachments for viruses and showing a warning if the result is positive. This could be done by submitting hashes of the files to VirusTotal.com.
There are two possible places where the automatic scan could happen:
- When incoming unencrypted email first arrives at ProtonMail's servers, before it gets encrypted.
- When the receiving user decrypts the attachment but before opening it.
Wait. Does encryption prevent a sender from sending me a virus attachment? I look up "How to scan an attachment in protonmail" and every forum talks about encryption.
I like the idea of this. For unencrypted email only, there should be a toggle to either virus scan before encrypting, or to not virus scan before encrypting. The additional overhead of sending encrypted messages will keep most scammers away or make them use unencrypted messages, and those who send unencrypted messages can be scanned.
This will only work for unencrypted attachments.
There is a lot of people who doesn't get the concept of end-to-end encryption. Encryption and decryption are made by the involved clients, data is never in a decrypted state at any server. If it was, then the security would be broken.
very bad idea but I can't downvote
@Marcus, you're incorrect, read the OP's description again. Incoming UNENCRYPTED emails can be scanned, so first proposition IS possible. Most incoming emails arrive at Protonmail's servers unencrypted unless sender uses PGP or is another Protonmail user.
Emails are already encrypted when they reach protonmail servers, thus the first proposition is impossible to perform.
A bad idea, in my opinion. It is superfluous. Also, it seems to me of low importance and priority for the purpose of the project at the moment.