Gmail apparently using ClamAV

Discussion in 'other anti-virus software' started by pykko, May 4, 2008.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    There were rumours here a while ago that GMail was using NOD32 as antivirus for scanning attachements for their free e-mail service.

    Now apparently (with 99% certainty) they're using ClamAV.

    And I'll tell you why... I've downloaded winrar 3.62 from official website (http://www.rarlab.com/rar/wrar362.exe) and wanted to attach it to my gmail account to send it. I was astonished to see a red label after that with the message: "Attachement can't be sent. It contains a virus". :eek:

    I've scanned the file on virustotal.com and the only AV to detect it is ClamAV: Trojan.Agent-14588 :argh:

    The conclusion seems simple. :ninja:
     
  2. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Actually a while back I was convinced they use Sophos....tried a few that only sophos detected and it wouldn't allow me to attach them.

    I guess they can switch the engine used and we wouldn't notice..
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    They keep it hidden so it's harder to target it perfectly.
     
  4. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    GMAIL blocks by extension (all *.EXE) too... but the advertisement is different... (illegal file attachment).
    I still think they use Sophos...
     
  5. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    Or perhaps they use more than one.

    Blocking exe's is one of the reasons I gave up on gmail. I then tried zipping up my files with a password, but gmail didn't allow that either. So it's goodbye gmail.
     
  6. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Well thats how i always thought it worked.
    I never been able to attach any '.exe' file on Gmail.
     
  7. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    I just rar them and encrypt the filename :)
     
  8. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    Just zip them and rename the zip , it pass freely then. An encrypted zip still allows you to read the content, that's what GMail does, but if you rename the zip extension, it won't try.
     
  9. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    I don't quite understand this...I send zip/rar files thru GMail all the time with no problems at all.

    Later...
     
  10. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    Yeah, but you probably don't have any .exe files in those zip.
     
  11. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    You can send .exe compressed in rar format with password and no problem.
     
  12. ASpace

    ASpace Guest

    @ pykko

    I get this warning only:

    gmail_warning.png


    As already written , GMail will block all kind of executable files.

    Currently , ClamAV is still the one to detect a trojan in WinRAR.


    With such strong rules , they don't even need antivirus but ...

    Google have special contracts with Symantec and they uses Symantec AV on the machines used by their employees . Google offers Norton in their GooglePack . Why not use the same AV in their GMail ?
     
  13. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    I attached the eicar string to one e-mail and got this from gmail:
    edit://Actually this proves gmail is NOT using ClamAV. I sent the eicar virus to a gmail account and another account. The other account is using ClamAV and rejected the mail, gmail didn't reject it!
     
    Last edited: May 5, 2008
  14. ASpace

    ASpace Guest

    GMail placed it in its SPAM folder , this is where known infected stuff is placed
     
  15. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    No it came right in to my inblox. I can open it and view the eicar string.
     
  16. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
  17. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Make sense to me. Norton Security Scan is part of Google Pack. :)
     
  18. ASpace

    ASpace Guest

    I knew it :D
     
  19. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
  20. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    For me it's one of the reasons I use GMAIL. Despite spam protection, virus protection, big space, stability, POP3 access and other...

    ;)

    But to send samples by e-mail (actually it's not necessary because I send only to FS using website) I need to use other service that doesn't use AV.
     
  21. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    Because GMAIL offers a good AV protection for its users and not a "everything passes" AV like Symantec... :|
     
  22. EsoxLucius

    EsoxLucius Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    125
    Location:
    Bucharest, Romania
    What do you think about using their own sollution?? :D
     
  23. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Do they plan to launch a new AV ?
    Hmm... and if it's their own solution it must be a good one. I don't think they "play" with a weak AV engine pretending to offer AV protection.
     
  24. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Maybe using a multi engine av?
     
  25. EsoxLucius

    EsoxLucius Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    125
    Location:
    Bucharest, Romania
    I was trying to point out that google has the necessary resources to create it's own AV for email scaning. They could have also bought some parts from certain solutions and integrated them with other parts of their own engines.

    Let's not forget that Google File System and other "home-brewed" parts of google.
     
Loading...
Thread Status:
Not open for further replies.