Okay, this is probably covered somewhere, and I am just not finding it - but the only reference I can find to detecting databombs says that you can do so with a successful matrix perception test. Does that mean that they only need one success (in which case, just about everyone would see them)? or does the placement of a data bomb include the act of attempting to hide it in the file (in which case it would roll program rating + stealth)?
Also, if it is the later case, which I suspect it is, whose stealth is used? The persona that is placing the bomb, or the node upon which the file rests? The first one makes the most sense, I suppose, but its bizarre that his stealth program would help long after he has left and logged off. The later just means that if you're going to bother data bombing your data, it better be on a node that can afford to run a stealth program in addition to analyze, encrypt, and the usual fare.
Also, it says "Anyone attempting to access the file without the proper passcode". Does that mean someone tries to open a databombed email message and they're given a prompt to enter the passcode into, and the bomb only goes off if they enter the wrong one? Can they wait it out and not enter anything? Can they cancel? I doubt any of that is in the rules, anywhere, but I am having trouble mapping the passcode aspect of a databomb to anything in real life. If you're going to accept a password, a user needs a way to enter it - which means they need time to enter it, which means they have plenty of warning that the file is, in fact, bombed before the bomb really goes off.