Dealing with Gmail’s attachment ‘security’

Blocked!

Ugh, I’m sure I’m not the only one who has this issue.  Before Google Drive and friends were a thing, Gmail gave us 1GB of mail space (at the time, that was why it was called ‘G’ mail).  And what better way to make files available between machines than to email them to yourself?

Well, this worked for YEARS, then they started to block some extensions, and now they block damned near everything.  From their ‘Learn more’:

Some file types are blocked

As a security measure to prevent potential viruses, Gmail doesn’t allow you to send or receive executable files (such as files ending in .exe). Executable files can contain harmful code that might cause malicious software to download to your computer. In addition, Gmail doesn’t allow you to send or receive corrupted files, files that don’t work properly.

File types that can’t be sent or received

You can’t send or receive the following file types:

.ade, .adp, .bat, .chm, .cmd, .com, .cpl, .exe, .hta, .ins, .isp, .jar, .jse, .lib, .lnk, .mde, .msc, .msp, .mst, .pif, .scr, .sct, .shb, .sys, .vb, .vbe, .vbs, .vxd, .wsc, .wsf, .wsh

Messages containing the types of files listed above will be bounced back and returned to the sender automatically. Gmail won’t accept these file types even if they’re sent in a zipped format. Here are some examples of zipped formats:

.zip, .tar, .tgz, .taz, .z, .gz, .rar

Well, isn’t that great.  Of course, when I’m uploading source I tend to include executables and custom batch scripts to clean, prepare, and sometimes run whatever it is I’m doing. Perhaps libraries, jars and maybe even device drivers.

Thinking the email attachment had been lost I was looking to see if I can forward it, when I stumbled onto this interesting bit:

The show original option!

This lets you view the email in its unformatted state, which also includes the attachments!

So from here it’s a simple matter of saving the file to your hard disk.  It is important that you ONLY save the base64 portion, not the headers.  I guess this is a pain for multiple attachments, as b64 doesn’t read MIME containers.

If you look at an email it’ll roughly look like this:

MIME-Version: 1.0
Received: by 10.64.9.141 with HTTP; Tue, 29 Oct 2012 13:33:16 -0700 (PDT)
Date: Tue, 29 Oct 2012 13:33:26 +0800
Delivered-To: [email protected]
Message-ID: <CA+rfG9Z-5Ej7iuXs36a_Lryqw+gs52GMUEFE9XPrSswjHRxXqw@mail.gmail.com>
Subject: doom?
From: Neozeed <[email protected]>
To: The Number One Guy <[email protected]>
Content-Type: multipart/mixed; boundary=001a11c3b874d1eaf704e9dde937

--001a11c3b874d1eaf704e9dde937
Content-Type: multipart/alternative; boundary=001a11c3b874d1eaf204e9dde935

--001a11c3b874d1eaf204e9dde935
Content-Type: text/plain; charset=ISO-8859-1

Don't lose this file!

--001a11c3b874d1eaf204e9dde935
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Don't lose this file! =A0<div><br></div>

--001a11c3b874d1eaf204e9dde935--
--001a11c3b874d1eaf704e9dde937
Content-Type: application/octet-stream; name="DOOM_SRC_102813.7Z"
Content-Disposition: attachment; filename="DOOM_SRC_102813.7Z"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_hncxub2b0

N3q8ryccAAPH+QLokKMEAAAAAAAkAAAAAAAAAKm3ezkABoLDcK0hSHl0xaeKFIsLY1Idc7MMQAtM
jDXWS9Sc5PvtvOmy27+byH8YZTOBY65JnEi5L9U41YDw53Wi1/xxpcR8Az8yIfc7DjQIT0ULtATL

We start the file at the

N3q8ryccAAPH+QLokKMEAAAAAAAkAAAAAAAAAKm3ezkABoLDcK0hSHl0xaeKFIsLY1Idc7MMQAtM

line.  I’m going to save it in Notepad as “attachment.b64”.

Now for the decoding!

I’m using b64, from SourceForge.  However, you need an ‘older’ version, 1.4, as the newer version has a decode bug.  Also

b64 -l76 -d attachment.b64 output.7z

And this will (blindly) decode the attachment.b64 into output.7z.  And from here you can extract the file without any issues.
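The same copy-and-decode steps, done with Python’s standard email package on the whole saved “Show original” text, so the headers need no trimming and multiple attachments come out in one pass (this goes beyond the single-attachment case above). This is an added example, not part of the original post; the sample message, the extract_attachments function and the “attachments” output directory are constructed for illustration.

```python
import email
import hashlib
import os
from email import policy

# Constructed sample of a "Show original" message: a text body plus two
# base64 attachments whose payloads are short made-up byte strings.
SAMPLE_RAW = b"""\
Content-Type: multipart/mixed; boundary=BOUNDARY1

--BOUNDARY1
Content-Type: text/plain; charset=ISO-8859-1

Don't lose this file!
--BOUNDARY1
Content-Type: application/octet-stream; name="SAMPLE.7Z"
Content-Disposition: attachment; filename="SAMPLE.7Z"
Content-Transfer-Encoding: base64

N3q8ryccAAQ=
--BOUNDARY1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="../../clean.bat"
Content-Transfer-Encoding: base64

QGVjaG8gb2ZmDQo=
--BOUNDARY1--
"""

def extract_attachments(raw, out_dir):
    """Save every attachment in a raw message; return (name, size, sha256) tuples."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    os.makedirs(out_dir, exist_ok=True)
    saved = []
    for i, part in enumerate(msg.walk()):
        if part.is_multipart() or part.get_content_disposition() != "attachment":
            continue
        # The filename header is sender-controlled: keep only its last component.
        name = os.path.basename((part.get_filename() or "").replace("\\", "/"))
        name = name or f"attachment_{i}.bin"
        data = part.get_payload(decode=True)  # undoes the base64 transfer encoding
        with open(os.path.join(out_dir, name), "wb") as fh:
            fh.write(data)
        saved.append((name, len(data), hashlib.sha256(data).hexdigest()))
    return saved

if __name__ == "__main__":
    for name, size, digest in extract_attachments(SAMPLE_RAW, "attachments"):
        print(name, size, digest)
```

The printed SHA-256 gives you something to compare against the original file if you still have a copy on another machine.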

As a bonus, if you have Outlook, you can just save the entire file as an .eml and open it in Outlook!

So easy!

Also, Outlook 2003/2007 users may have to use this registry alteration to have them support directly loading .eml files.

6 thoughts on “Dealing with Gmail’s attachment ‘security’”

  1. Did it stop working also with password-encoded zip/rar/7zip files (with encrypted file names or extension changed in case of an exe)?

    • The only problem is that it’s too late to password encrypt them… I wanted stuff from 2004, which included device drivers…

      Sooner or later I kind of expect them to ‘block’ files that it cannot understand. I just hope they don’t delete them!

      I guess the real thing to do here is set up an archive, and download all my gmail.

        • Oh good, at least there is another ‘attack’ vector to get at my email attachments… 🙂

          Looking back over the last 11 years though, I do have a lot of crap I’ve emailed myself over the years.
