Gmail apparently using ClamAV

There were rumours here a while ago that GMail was using NOD32 as antivirus for scanning attachements for their free e-mail service.

Now apparently (with 99% certainty) they're using ClamAV.

And I'll tell you why... I've downloaded winrar 3.62 from official website (http://www.rarlab.com/rar/wrar362.exe) and wanted to attach it to my gmail account to send it. I was astonished to see a red label after that with the message: "Attachement can't be sent. It contains a virus".

I've scanned the file on virustotal.com and the only AV to detect it is ClamAV: Trojan.Agent-14588

The conclusion seems simple.

 

Actually a while back I was convinced they use Sophos....tried a few that only sophos detected and it wouldn't allow me to attach them.

I guess they can switch the engine used and we wouldn't notice..

 

They keep it hidden so it's harder to target it perfectly.

 

GMAIL blocks by extension (all *.EXE) too... but the advertisement is different... (illegal file attachment).
I still think they use Sophos...

 

Or perhaps they use more than one.

Blocking exe's is one of the reasons I gave up on gmail. I then tried zipping up my files with a password, but gmail didn't allow that either. So it's goodbye gmail.

 

Well thats how i always thought it worked.
I never been able to attach any '.exe' file on Gmail.

 

I just rar them and encrypt the filename

 

Just zip them and rename the zip , it pass freely then. An encrypted zip still allows you to read the content, that's what GMail does, but if you rename the zip extension, it won't try.

 

I don't quite understand this...I send zip/rar files thru GMail all the time with no problems at all.

Later...

 

Yeah, but you probably don't have any .exe files in those zip.

 

You can send .exe compressed in rar format with password and no problem.

 

@ pykko

I get this warning only:




As already written , GMail will block all kind of executable files.

Currently , ClamAV is still the one to detect a trojan in WinRAR.

With such strong rules , they don't even need antivirus but ...

Google have special contracts with Symantec and they uses Symantec AV on the machines used by their employees . Google offers Norton in their GooglePack . Why not use the same AV in their GMail ?

 

I attached the eicar string to one e-mail and got this from gmail:

edit://Actually this proves gmail is NOT using ClamAV. I sent the eicar virus to a gmail account and another account. The other account is using ClamAV and rejected the mail, gmail didn't reject it!

 

GMail placed it in its SPAM folder , this is where known infected stuff is placed

 

No it came right in to my inblox. I can open it and view the eicar string.

 

According to this:

http://semanticvoid.com/blog/2005/12/03/gmail-antivirus-test-drive/

Gmail actually uses Symantec technology. Go figure.

 

Make sense to me. Norton Security Scan is part of Google Pack.

 

I knew it

 

And even the URL tells that the post is 2+ years old So hardly valid information anymore.

 

For me it's one of the reasons I use GMAIL. Despite spam protection, virus protection, big space, stability, POP3 access and other...



But to send samples by e-mail (actually it's not necessary because I send only to FS using website) I need to use other service that doesn't use AV.

 

Because GMAIL offers a good AV protection for its users and not a "everything passes" AV like Symantec... :|

 

What do you think about using their own sollution??

 

Do they plan to launch a new AV ?
Hmm... and if it's their own solution it must be a good one. I don't think they "play" with a weak AV engine pretending to offer AV protection.

 

Maybe using a multi engine av?

 

I was trying to point out that google has the necessary resources to create it's own AV for email scaning. They could have also bought some parts from certain solutions and integrated them with other parts of their own engines.

Let's not forget that Google File System and other "home-brewed" parts of google.