I use Gmail - GMail (Google) filters virii (viruses) and any other malware from my incoming email. There is spam reporting/moving feature as well. And GMail works well on Safari!

So this does not bother me.

But I would like to point out that this will bother those who use the Mail app exclusively. How much of a bother is up to the user. From a bit to a lot...

In that case, I am concerned about the luckless users.

Guest, now celebrating his 1,234th post...

I did their demo and it didn't do what they said it would... so I don't know about their vulnerability. (I did look at the code on a different machine before executing the potential virus.. it was as they say, a simple and harmless shell script.) It will be interesting to see what others say about this.

[pointless trolling/spamming deleted]

This totally worked for me. You go to their web site and enter your email address and they mail you. Clicking once on the ".jpg" attachment brings up the Terminal and runs a script, which does an 'ls' and prints a message basically saying you are owned.

The second time I clicked on the ".jpg", it didn't work and the correct warning dialog came up. It turns out it only works once each time Mail is started.

The script doesn't get root or admin privileges if you are running as a normal user. But if it contained "rm -rf ~/*" you would basically be screwed. It could also modify your ~/Library to get a bot to run in the background when you are logged in, I think. Apple absolutely has to fix this, despite what any fanboys say.

This isn't a flaw in Mail and everyone knows it. It's a flaw in the way the system chooses icons for display. The system is smart enough (?) to read the RSRC to run the trojan but not smart enough to get the icon from there? How come other third party utilities are smart enough? It's not Mail it's the entire Apple system and Apple never fixed this but hey - you hold your breath JG and they'll fix it right soon now.