Cheat the GMail Antivirus Scanner: Attach any filetype with GMail
When you send and receive attachments with GMail, they’re auto scanned for viruses. If Gmail thinks your mail has viruses, it will attempt to clean the file or remove it. But if it detects a virus and can’t remove it, then you won’t be able to download it.
Thanks to the new GMail Anti Virus Scanner, you cannot send or receive emails with exe, dll, ocx, com or bat attachments even if they are sent in a zipped (.zip, .tar, .tgz, .taz, .z, .gz) format (The .rar format is still allowed)
GMail has one of the best spam filtering and phishing detection capabilities but the GMail virus scanning is a bit disappointing. When I tried to email a Firefox 1.5 installer to a colleague, GMail uploaded the entire file (Firefox Setup 1.5.exe 4.98 MB) and then threw this alert:
This is an executable file. For security reasons, Gmail does not allow you to send this type of file.
This is such a poor solution. GMail Virus Scanner didn’t scan the attachment, it just blocked it since it was an exe file. Why is Google calling it an AntiVirus scanner when it is merely blocking attachments of certain types like .exe? Yahoo! webmail too have an anti-virus but they accept .exe files since the yahoo anti-virus would scan even exe files and clean them if found infected.
Secondly, why did GMail upload the entire exe file to its server for scanning but didn’t scan since it was an exe.? The GMail file uploader should be smart enough to disallow users from uploading files with extensions like exe, com, ocx, etc.
Google has no plans to make the “limited” antivirus feature optional, nor does it plan to stop blocking executables. Yahoo! Mail uses Symantec software to scan for viruses. Hotmail licenses its technology from Trend Micro. Google isn’t saying which vendor is providing the antivirus technology.
Since you cannot Turn Off GMail Anti Virus Scanning, you can use these GMail hacks to send program file (exe), virus samples and other blocked formats with GMail:
Technique 1. Use a free file hosing online service like Rapidshare, Megaupload or Yousendit to upload your file and send the link of the uploaded file in your GMail message.
2. Rename the file: Change the file extension to fool the GMail scanner. The new attachment could contain instructions making it easier for the recepient to derive the actuall attachment type. For instance,
Rename Adobe-Reader.exe to Adobe-Reader.exe.removeme
3. If you have lot of exe files to send, put them in a zip file and change the extension of the zip file as mentioned in the previous step. Remember that GMail denies zip attachments that contain exe files. Pass-Protection won’t work either since GMail can examine exe filenames even in password protected zipped files as the archived filename listings are not encrypted by the Zip program.
4. Use a different compression software like WinRAR which compresses files in .rar format. GMail is currently not scanning or blocking .rar filetypes. But there is a high probability that GMail might support rar formats in future. In that case, you can consider splitting the rar files and attaching them separately (like .r1, .r2..)
Important: I would recommend only the first technique since all others violate Google policies and Google could even terminate your GMail account.
Sending Virus infected files with GMail: Yes, it is against the GMail TOS to send viruses in email but ocassionally, we need to mail an infected file for reporting purposes to an antivirus vendor. Like the Symantec Security Response center encourages users to submit virus samples for analysis. You can use any of the above techniques to bypass the virus scanner and attach infected files in your emails.
Now that limited virus scanning is in, we can expect GMail to move quickly out of the beta once the GCal (Google Calendar) application is available. The Google Calendar domain is already live.
கருத்துகள் இல்லை:
கருத்துரையிடுக