Any inputs on this from moderators or fellow users please.

Requesting help here from experts.

Two days ago I started writing a response, but it amounted to "Why bother"?

But here is is anyway.

1. No idea, but I would expect not.

2. Why bother? Seriously mail at rest is a text file. It can not infect your system, cause issues or really do anything that any other simple text file could do. Just ignore it, if you try and open an infected attachment on an email let the antivirus notify you and block the creation of the attachment. Mail at rest does not have attachments, only mime encoded text representations that need to be decoded and turned back into a file to be opened, so any malware in an attachment does not exist in a harmful state until the attachment is saved or opened, because that is when the file is created. Likewise Thunderbird does not run script in messages, so there is no drive by malware from opening an infected email. When using Thunderbird essentially you have to chose to open a website that infects your system, open an attachment that your antivirus fails to detect as infected in memory or when the temp file is written to disk preparatory to opening. If your antivirus fails to detect it at that point, it will not have been able to detect it in the incoming email either. (Same definitions used)

3. MailDir has had basically no updates for a decade. The underlying code was written by a programmer working for Mozilla Messaging who left the organization for greener pastures at Google before Mozilla Messaging was disbanded as a company by Mozilla in 2012. I understand there may be some work being undertaken on the pluggable store which was a fundamental requirement for the maildir like implementation. I think long before it gets released as a "thing" it will be replaced. The support article which I assume you have read contains a link to open bugs for that specific feature, it is up to you to make your own decisions as to if you wish to risk your data using it. I use it for a single IMAP mail account so I can test and track bugs, but I do not trust it with my pop mail, only IMAP as that is mostly going to be backed up with a server copy unless a bug deletes the server copy as well.

Just to be clear, Microsoft defender does not scan email at all, yet it rates about as effective in detecting malware as all of the paid products out there that do. Mail scanning is mostly smoke and mirrors to sell the commodity (Fear) that is the stock in trade of antivirus companies and cover for the security weaknesses inherent in products like Outlook that start running scripts as soon as you open an email. If you press these vendors for a reason for scanning email they will offer "another line of defense". They have memory, hard disk and file system locked down and they want to mess with text files because they have the potential if opened in the wrong application to cause trouble.

You have now received a reply from a peer as this is a peer forum. If you want to consult security experts, I am sure there are some you can hire, but not here.

Thank you Matt for your response and views.