I am considering installing Firejail to sandbox Firefox and Thunderbird. I understand that when I want to download something, Firejail will send it to the Downloads folder, but other locations are restricted. I am not sure what it does with items I want to attach to outgoing emails; I have read claims that these items must first be moved to the Downloads folder and then pulled from there. Evidently, Firejail will allow me to whitelist other folders, but my current practice of downloading to the Desktop may not survive, given that it would place everything on the Desktop inside the sandbox.
The articles I have read fail to address what happens after the file is downloaded to the Downloads folder. Firejail seemingly would be of little use if my next step was to transfer the file to another folder outside the sandbox or copy it to a flash drive for transfer to my offline computer. Currently, an AV program on that computer scans any connected flash drive before its files are copied over. But even the act of copying them from the Downloads folder to the flash drive would seem to expose the internet computer to malware.
So is the expectation that the downloaded file will be scanned while it is still sitting in the Downloads folder, inside the sandbox? If so, with what?