Sending *.exe files through GMail and other mail servers

As for right know (when anything goes web and desktop applications are nearly dead) there aren’t many situations, when you would like to send an *.exe file as an attachment. But, suppose you want. Then you, the good question, is how to do this? Well… in general, you can’t do that. Gmail itself will block you from sending an EXE file directly or ZIP archive containing it. Saying that it did so, for the security reasons. And, even if you pass it over (see below), most mail servers will block you from delivering such contents to mailboxes operated on this or that server.

Some people says, that you should password protect and/or encrypt your ZIP archive to solve this problem. Well… not quite. Keep in mind that encrypting an archive doesn’t stops Gmail from checking its contents or MIME types of included files. For long time I couldn’t belive, how this is possible? But then people wiser than me told me, that since password is required to unpack files and/or watch contents of them, being able to check (without knowing password) only contents of archive itself (not files included) or MIME typs (but not contents) of files is not a security breach and that is why this works that way. Anyway, this is a dead-end.

Yes, yes. We all (or at least most of us) knows, that you can simply change extension of a file (for example from “.zip” to “.anarchive” or “.somethingelse” or anything) and Gmail gets stupid and allows you to send such file. This time, this isn’t a security voliation? I can’t stop wondering, how someone at Google could be so stupid to implement contents checking feature basing on extension, which could be anything. But, again, this is a dead-end for as. Google coders and Gmail itself may be stupid, but most mail servers aren’t. And you can change extension to whatever you want. They won’t let your message pass even so.

So, what is the solution? Well… you have to use another archive format, other then most widely know ZIP. Like RAR or SevenZIP or maybe some others, that I don’t know. Why? Because these archivers has a magical option, when creating new archive, called “Encrypt filenames also”. Checking this will turn archive contents into unbeliveable garbage. An im most sitations, both Gmail and destination mail server will fall over that, passing your message, even though it contains “ugly EXE file”.

Why ZIP hasn’t got such option. Well… I don’t know. My only guessing is, that this is for security reason. You can open ZIP file directly in your system, so many less informed people can do this without thinking and fall into some self-archiving virus trap. To unpack RAR or 7ZIP archive, you have to install additional program and maybe this will force most people to think twice, what are they doing (am I really opening a Naked Scarlett Johansson Under Shower presentation or maybe this is some kind of virus?)…

Leave a Reply