WebApp Sec mailing list archives
RE: GMail blocking "executable" attachments
From: "Scovetta, Michael V" <Michael.Scovetta () ca com>
Date: Wed, 20 Apr 2005 19:44:21 -0400
Mike, Wow, I really didn't expect that. That could be considered a vulnerability. *.txt files should not be executed, even if the underlying content is in a binary format. A few things I've noticed: 1. Renaming foo.exe to foo (no extension) prevents foo from being executed. It seems that just about any other extension (com, bat, .bar, .txt) all have it executed. 2. It seems that only .exe files. Renaming batch files to .xyz doesn't work, and renaming it to a .zip brings it up in winzip (or whatever is registered for .zip files). .com files also don't work if you change the extension. Consider renaming new_virus.exe to new_britney_spears.mp3 and pushing it out to kazaa or something. People download it, and click on it in Explorer. The file does whatever it wants to, because it's an executable, and isn't picked up by winamp/etc. Does anyone know if there's a registry key to disable this "feature"? Michael Scovetta Computer Associates Senior Application Developer -----Original Message----- From: Michael Silk [mailto:michaelslists () gmail com] Sent: Wednesday, April 20, 2005 7:30 PM To: Scovetta, Michael V Cc: webappsec () securityfocus com Subject: Re: GMail blocking "executable" attachments I'm pretty sure they do. It's depends on where the content will be delievered, I guess. If the extension makes a difference as to whether it is executed or not then there is no point checking the internal content. If the file is executed based on it's header, then definately check it. For example, find an executable, rename it to .txt and then go into dos and type: "whatever.txt". In my windows 2k and presumably XP, it will run it as an executable, and not open it with notepad. If you double-click on it from explorer, notepad opens it. There should probably be a setting [but I suspect there already is] to perform such a scan on the scanners you have on your servers. -- Michael On 4/19/05, Scovetta, Michael V <Michael.Scovetta () ca com> wrote:
All- I've noticed that G-Mail blocks attachments that contain "executable" files. (A zip file containing an .MDB, and even a zip file containing
a
zip file containing an .MDB). I assume they'd block all the usual suspects, but isn't that sort of the point of sending e-mails with attachments? Renaming the enclosed .MDB to .TXT allows it to be send through, so it's not really a major problem. Do you think Google
should
be deep-scanning the files for content, or just the extension, and
would
running a virus detector against it be just as good? No real issue here, I just thought it was interesting-not sure if
other
major email providers do the same thing. Regards, Michael Scovetta Computer Associates Senior Application Developer
Current thread:
- GMail blocking "executable" attachments Scovetta, Michael V (Apr 20)
- RE: GMail blocking "executable" attachments Richard M. Smith (Apr 21)
- Re: GMail blocking "executable" attachments Michael Silk (Apr 21)
- Re: GMail blocking "executable" attachments Wilfried Schobeiri (Apr 21)
- Re: GMail blocking "executable" attachments James Riden (Apr 21)
- <Possible follow-ups>
- RE: GMail blocking "executable" attachments Scovetta, Michael V (Apr 21)