I had never heard of the malware or how it worked until I read you linked article. But the key information here is the use of extended mapi Thunderbird struggles to implement most of the MAPI interface. It does not support extended MAPI The following quote from the article is also very very specific. <blockquote>This configuration is the first thing checked by this module. In particular, the registry key HKLM\Software\Clients\Mail\Microsoft Outlook is accessed, and the value DllPathEx—the path to the mapi32.dll module—is expected to be defined. If it is not, the module does not proceed. Note that the registry key is pretty specific—there are other plausible keys, such as HKLM\Software\Clients\Mail\Windows Mail, that this module simply does not care about. </blockquote> This appears the email part of this is a Microsoft Outlook only issue. Having said that, the malware is probably included in the word document and opening it would infect your computer. The vulnerability of your computer to opening a virus in an attachment will depend on the anti virus product you use and how well the definitions are updated. The attachment is entirely a bit of text whilst it remains in Thunderbird. (Mime encoded see https://en.wikipedia.org/wiki/MIME) Opening an attachment converts the document to it's original binary form and writes the resultant file to the system temp folder. If your anti virus is any good it will block the write to your temp folder of the file if you attempt to open it. If it is not good it will miss the event and you will get infected. Attachments are a fundamental weakness of email. Be it Gmail, Thunderbird, Outlook or any other email client. As the actual content of the file is only known to the application that can read the file format of the attachment it is accepted on faith as "a file" and transmitted in an inert form. (and stored by Thunderbird that way). What you do with the attachment is left up to your judgement.