Bypassing Gmail Executable Blocking
“as a security measure to prevent potential viruses, gmail doesn’t allow you to send or receive executable files (such as files ending in .exe) that could contain damaging executable code.
gmail won’t accept these file types even if they are sent in a zipped (.zip, .tar, .tgz, .taz, .z, .gz) format. if this type of message is sent to your gmail account, it is bounced back to the sender automatically.
you can send and receive messages up to 10 megabytes (mb) total (including attachments). any message that exceeds this limit will not be delivered to your inbox and will be returned to the sender.”
recently i needed to send someone an exe file using my gmail account.
well, from the gmail faq quote above, you can understand that i can not send a windows executable file (or a file with .exe extension).
you may think that exe is out of the question… or is it? (muha muha muha .. sorry – Sunshine influenced me).
well it seems that exe files compressed with rar or ace are ignored. yep, i can use rar to compress an exe and send it to you using gmail. but checking if ‘elf’ binaries can be sent through gmail led me to an interesting conclusion:
do i really need rar?! all i need is to change the extension of the file and gmail will gladly accept it.
now you may ask yourself, why the hell am i writing this on my blog instead of notifying google?
well, i went to google contact us (took me a while to find it with all of the latest portal they giving us), and found a nice email: firstname.lastname@example.org. now when i sent this information (with more details, btw) to google, this was the reply:
from: “gmail team”
thanks for contacting us. we aren’t able to respond directly to inquiries
submitted to this email address.
please visit our help center at http://gmail.google.com/support/, or by
clicking ‘help’ at the top of any gmail page within your account. our help
center provides answers to the most commonly asked questions, and offers
information about gmail and all of its features.
if you are unable to log in to your gmail account, please follow the steps
to reset your password by clicking ‘forgot your password?’ on
the gmail team
if you’d like to learn more about how gmail’s features work, check out the
gmail help discussion (http://groups.google.com/group/gmail-abcs) where
our users share helpful tips and tricks with one another.
hey, i contacted security, not support ! so i said to myself, lets send this to the webmaster of gmail. well, addresses email@example.com, firstname.lastname@example.org and email@example.com do not exists! i received bounces back on all those emails…
the date of contacting them was: december 4th, 2005, and i waited until today to see maybe they will contact me… guess what… they did not.
so, i tried to do something else (that actually did not work o_o): i sent a virus without using the .exe extension. but it turns out the gmail antivirus actually found my virus (well, at least that!).
but then again i used some very old win32 virus
anyway, if any of you have 0-days out there to send using gmail, have no fear, because for now, gmail will not block it.
and for google, please make better ways for contacting you, and please do read things that may sounds like support request. or at least make a place to report bugs etc… even microsoft has one.