<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2658.34">
<TITLE>RE: [OT] Strip attachment and add link for download</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>> -------------------------</FONT>
<BR><FONT SIZE=2>> Alias /pickup/ "/var/spool/MailScanner/quarantine/"</FONT>
<BR><FONT SIZE=2>> <Directory "/var/spool/MailScanner/quarantine/"></FONT>
<BR><FONT SIZE=2>> Options Indexes MultiViews</FONT>
<BR><FONT SIZE=2>> AllowOverride None</FONT>
<BR><FONT SIZE=2>> Order allow,deny</FONT>
<BR><FONT SIZE=2>> Allow from all</FONT>
<BR><FONT SIZE=2>> </Directory></FONT>
<BR><FONT SIZE=2>> --------------------------</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> The only down side is you have to open up permissions to the quarantine </FONT>
<BR><FONT SIZE=2>> folders, and thus making ALL of the messages available to those that </FONT>
<BR><FONT SIZE=2>> know how to peruse the folders. Fortunately, the message id is quite </FONT>
<BR><FONT SIZE=2>> long and random, and makes it harder to dig around unless you know </FONT>
<BR><FONT SIZE=2>> exactly what it is.</FONT>
</P>
<P><FONT SIZE=2>You should really change this to -Indexes since this allows for directory indexing. It doesn't matter how messed up the URL is if you allow directory indexing.</FONT></P>
<P><FONT SIZE=2>When you go to <A HREF="http://www.whatever.tld/pickups/" TARGET="_blank">http://www.whatever.tld/pickups/</A> doesn't it give you a directory listing? and the same for all sub-directories?</FONT></P>
<P>This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory.</P>
</BODY>
</HTML>