gmail failure

[softwaregurl]

... failed after I sent the message.
Remote host said: 552-5.7.0 Our system detected an illegal attachment on your message.
552-5.7.0 Please visit http://mail.google.com/support/bin/answer.py?answer=6590
552 5.7.0 to review our attachment guidelines. ...

that page says

Some file types are blocked
As a security measure to prevent potential viruses, Gmail doesn't allow you to send or receive executable files (such as files ending in .exe) that could contain damaging executable code.

Gmail won't accept these types of files even if they are sent in a zipped (.zip, .tar, .tgz, .taz, .z, .gz) format. If this type of message is sent to your Gmail address, it is bounced back to the sender automatically.

You can send and receive messages up to 20 megabytes (MB) total (including attachments). Any message that exceeds this limit will not be delivered to your inbox and will be returned to the sender.

I got the bounce back.  6.91MB inside a tar.gz   

I'll email with other arrangements.

[Jason W]

I didn't know that gmail looks inside tarred and zipped attachments.  But executable files normally don't cause a problem that I have seen.  Perhaps it also looks for file extension like .bin in addition to .exe.

[softwaregurl]

It might have been a combination of the file name looking like a tar ball and the complexity.  Two files with tar headers inside the big one.   I was reading where clamav can reject too complex of an archive as a DOS attack.  Or failed a hierarchical scan or complex enough looking that it was scanned more then normal (or the scanner was bored : .

[tobiaus]

i would have tried zip.tce just because i'm used to zip files offering fewer problems for uploading and downloading (sometimes) and you can zip a tar.gz. in theory it should make no difference to the scanner, in practice it may help.

other than that, wikipedia lists free file hosts for files of that size. just upload and copy the url here. no account setup needed, although they may not be private.

[Jason W]

I wonder if making  an iso file system using mksiofs or a cramfs image would pass the scanner as it is looking inside tarred archives but perhaps not iso images or cramfs images.  When I get this extension I will try that sort of thing out abnd mail it to myself and see if it makes it through.  There has to be a format that gmail does not peek into.

[curaga]

There has to be a format that gmail does not peek into.

What, and lose the precious metadata to target you more advertising?

Reading your mails, peeking into attachments, looking where you browse and what you buy. This is why google should not be supported.

Pfft. If it's needed, let's start encrypting the attachments. Bcrypt was in the base, wasn't it?

[Jason W]

I was a little floored reading that gmail examines the contents of tar.gz's. 

I do like the idea of encrypting extension attachments with bcrypt.  It never hurts.

[mikshaw]

Not sure if this has anything to do with it, but I've had troubles sending info files through Yahoo, even inside a tar.gz archive, because the antivirus software they use incorrectly detects some files as viral.  Specifically they would be files containing lines that begin with '--' or '=='

In those cases, either using bzip2 instead of tar or adding one or more other characters to the start of that line fixed the problem.

[Jason W]

Perhaps bzip2 would solve the issue at least temporarily.  I will try that when I get this extension.

[softwaregurl]

I know what it was.    .sh build script in the tar.gz.

[Jason W]

softwaregurl-
Could you please send the original extension in tar.bz2 format to see if that would let it through.  There are going to be a lot of extensions with .sh script files in them and it would be good to find an archive format that will fly under the radar.

JW

[Jason W]

Gmail doesn't allow .exe files to be sent, as well as others.  So I tried the bcrypt approach on putty.exe, which produced the file putty.exe.bfe.  I was able to upload it to gmail and download it with no problems.  So how about tarring up the files into a .tar.gz and then using bcrypt on it:

bcrypt extension.tar.gz

and send the password along with the email.  This should work as a hassle free means of uploading extensions.

[tobiaus]

or you could just use "tinycore" as a password every time, that way it could be automated, and it's about as secure as sending it with the password right next to it.

i figured rot128 would be enough to get it past gmail, but there's no need to create a rot128 tool when bcrypt is readily available.

[Jason W]

Bcrypt solved the problem with the extension in question.  From now on, bcrypt can be used on all submissions with the password tinycore as security is not the issue.

[mikshaw]

So if it's decided that bcrypt is a workable permanent solution, I suppose that step should be added to
http://www.tinycorelinux.com/wiki/tiki-view_faq.php?faqId=3#q5


I like tobiaus's idea about a generic password.  Considering this is about getting past a faulty virus scan and not about security, a known password shouldn't be a problem.  I suppose it doesn't matter either way, though, since the password will only be used once by the email recipient.