WebApp Sec mailing list archives

Re: GMail blocking "executable" attachments

From: James Riden <j.riden () massey ac nz>
Date: 21 Apr 2005 09:03:00 +1200

"Scovetta, Michael V" <Michael.Scovetta () ca com> writes:

All-

I've noticed that G-Mail blocks attachments that contain "executable"
files. (A zip file containing an .MDB, and even a zip file containing a
zip file containing an .MDB). I assume they'd block all the usual
suspects, but isn't that sort of the point of sending e-mails with
attachments?


Well, MDB is, or can be, executable:

http://packetstorm.linuxsecurity.com/0504-exploits/msjet.c

Do you think Google should be deep-scanning the files for content,
or just the extension, and would running a virus detector against it
be just as good?


There's usually a window of a couple of hours or more before the AV
signatures catch up with the virus du jour. If you're blocking or
quarantining executables, that covers you before the AV signatures do
get updated.

cheers,
 Jamie
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.

Current thread:

GMail blocking "executable" attachments Scovetta, Michael V (Apr 20)
- RE: GMail blocking "executable" attachments Richard M. Smith (Apr 21)
- Re: GMail blocking "executable" attachments Michael Silk (Apr 21)
- Re: GMail blocking "executable" attachments Wilfried Schobeiri (Apr 21)
- Re: GMail blocking "executable" attachments James Riden (Apr 21)
- <Possible follow-ups>
- RE: GMail blocking "executable" attachments Scovetta, Michael V (Apr 21)