Sending executable file through Gmail in Windows

For obvious security reasons, Google will do anything that is in their power to stop you from sending .exe, .apk and other executable files as email messages’ attachments. But, sometimes it is very needed to send such file (in a completely legitimate scenarios). And doing so in Gmail becomes a serious task.

This is, because simple encrypting (password-protecting) such files isn’t enough right now. Since password-protected files encrypts their content only and thus list of attached files is available. Gmail can scan such file and learn that you’re trying to send an executable file even without knowing the password.

Simple extension rename: .exe –> .nothing also doesn’t work today. Google is somehow able to check mime-type of files attached in encrypted archives and doesn’t rely on file extensions anymore.

Assumptions

Linux comes to the rescue here, with its .tar (tarball), .gz (gzip) or .tgz (gzipped tarball) archive formats. They must be, in addition, compressed again, to password-protected .zip format (or any other archive type that supports encryption).

Actually, any type of archive would do, for first-pass compress, not just Linux types, but the additional assumption for my (old-time Windows user and Total Commander lover) was to figure out solution that:

  • Is acceptable by Gmail (i.e. attached file isn’t rejected as insecure)
  • Can be achieved using Total Commander without plugins

For the second point all other extensions fails, because Total Commander can pack only .tar, .gz, .tgz and .zip archives internally. For any other supported packer, plugin is needed (can unpack any listed type of extension without plugin):

Solution

The correct sequence is:

  • Pack your .apk, .exe or any other executable file using .tar, .gz or .tgz archive types (first pass)
  • Pack resulting archive using password-protected .zip files

Why is this working

When you read the articles linked in the introduction (this one and this one) you’ll learn that:

  • Only contents of packed files are encrypted, list of files — no.
  • Gmail can check the extension of a file inside an encrypted archive without knowing the password
  • It can also check mime-type, so renaming file to have some weird extension doesn’t work

However, if you pack an archive inside another archive and that overlying archive is encrypted then Gmail cannot access the second archive (inside the first one), because it is an encrypted content. Accessing it would require Gmail to know the password that was used to encrypt the first archive.

Why is this working on .tar, .gz or .tgz archive types, but not on .zip (you can pack exe into .zip and then that .zip into another (encrypted) .zip and Gmail will prevent sending such attachment) — I don’t know.

Summary

Gmail will prevent you from attaching executable file:

  • By itself (.apk, .exe etc.)
  • With changed extension (.gmailsucks)
  • With or without changed extension, packed into .tar, .gz or .tgz archive (encryption not supported)
  • With or without changed extension, packed to encrypted .zip file
  • Packed into (encrypted or not) .zip archive and then packed into another .zip (encrypted or not)

It will fail (i.e. it will allow you to attach executable file packed into .tar, .gz or .tgz archive and then resulting archive packed again into encrypted .zip archive.

Leave a Reply