WebApp Sec mailing list archives
Re: GMail blocking "executable" attachments
From: James Riden <j.riden () massey ac nz>
Date: 21 Apr 2005 09:03:00 +1200
"Scovetta, Michael V" <Michael.Scovetta () ca com> writes:
All- I've noticed that G-Mail blocks attachments that contain "executable" files. (A zip file containing an .MDB, and even a zip file containing a zip file containing an .MDB). I assume they'd block all the usual suspects, but isn't that sort of the point of sending e-mails with attachments?
Well, MDB is, or can be, executable: http://packetstorm.linuxsecurity.com/0504-exploits/msjet.c
Do you think Google should be deep-scanning the files for content, or just the extension, and would running a virus detector against it be just as good?
There's usually a window of a couple of hours or more before the AV signatures catch up with the virus du jour. If you're blocking or quarantining executables, that covers you before the AV signatures do get updated. cheers, Jamie -- James Riden / j.riden () massey ac nz / Systems Security Engineer GPG public key available at: http://www.massey.ac.nz/~jriden/ This post does not necessarily represent the views of my employer.
Current thread:
- GMail blocking "executable" attachments Scovetta, Michael V (Apr 20)
- RE: GMail blocking "executable" attachments Richard M. Smith (Apr 21)
- Re: GMail blocking "executable" attachments Michael Silk (Apr 21)
- Re: GMail blocking "executable" attachments Wilfried Schobeiri (Apr 21)
- Re: GMail blocking "executable" attachments James Riden (Apr 21)
- <Possible follow-ups>
- RE: GMail blocking "executable" attachments Scovetta, Michael V (Apr 21)