Email security: Zipped content

346195 pts.
Tags:
Email security
Security
One of my good friends, he's a developer and wanted me to ask this question on the forum. He currently sends a DLL or EXE file to one of his customers (who's a part of a big company). This is his process:
  1. Rename the executable file (module.dll -> module.d__)
  2. zip the file with password so that it cannot be unzipped by the mail server
  3. rename the zip file (module.7z -> module.7.txt)
  4. send this via email and add a lengthy explanation for the guy at the other end on how to get at the file
  5. cross fingers that it'll get through the filters

He understands that the email filter won't bare EXE attachments but here's his question: Are email filters (that are unzipping attachments and additionally checking the unzipped files for executables) adding any more security? Hopefully this makes sense. Thank you.


Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta

    If the filter allows such an attachment to get through, then, no, it's not as secure as it needs to be.

    The big problem is that SMTP is not intended to be a "file transfer protocol". If file transfers are needed, then a real "file transfer protocol" such as FTP should be used. (FTP or sftp or any related protocol can be used as appropriate.)

    By using obfuscation methods, it tends to convince e-mail server administrators to block more and more kinds of attachments (as they should).

    If a FTP server (or any common alternative) can't be used, then a Dropbox or similar web-based account can be used. By using appropriate transfer methods, the problems you ask about generally don't exist in the first place.

    Tom

    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following