Slashdot Mirror
GMail Adds Virus Protection
AxsDeny writes "Google has rolled out virus protection for it's web based email service. Apparently they are scanning incoming and outgoing messages for infected messages. Read more on their "what's new" page."
← Back to Stories (view on slashdot.org)
That's it, that's EVIL and I'm quitting GMail now!
GMail has been my faithful virus depository, now where can I go today? HoTMaiL?
I wish it gives users the option to still retrieve the virus if they insist.
Rock that crushes, Paper & Scissors that don't matter.
Oh come on... Why keep up the pretence of being 'editors' if you don't even fix stupid mistakes like it's versus its?
its, not it's. Sorry.
HI, MY NAME IS ISAAC.
The link just says "Yup, we're removing viruses."
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIR US-TEST-FILE!$H+H* makes it through fine.
.. can we say Google is now replicating? :)
This in itself is not surprising -- it's a natural step that Google had to take in order to compete with the other biggies in the business. What I'm more interested in knowing is if Google has put that army of Ph.D.'s into developing the AV technology. I don't see any other reason to wait so long for adding virus protection -- they could just as easily have licensed some commercial AV months ago, seeing as AV is one of the features that novice Internet users look for most. Now that MS is into AV, will Google follow suit? I'm hoping...
An old-timer with old-timey ideas.
Not on the same day MS starts beta testing their anti-virus solution.
I'm gonna fucking kill this guy, I did it before and I'll do it again, I'm gonna fucking kill google!
Where's a chair?
So what? Yahoo and the other big players have had this for years. That's like announcing that Ford is now selling cars with anti-lock brakes and power steering. That's great and all, but I wouldn't consider that news.
Indeed what is new?
They were having some sort of virus protection already that involved disallowing certain file extensions inside zip files and mangling(!) files with other extensions (.asc) or maybe headers (MBZ)
Does it mean they are finally doing it right(tm) now, actually scanning for virii?
I'm still trying to figure out what people mean by 'social skills' here.
SCAN THIS GOOGLE!
Don't anthropomorphize computers: they hate that.
I use GMail on OS X so I don't need it...
</sarcasm>
This
If the virus can't be removed from the file, you won't be able to download it.
......
If a virus is found in an attachment you're trying to send, you won't be able to send the message until you remove the attachment.
Now I know Google is pretty good and reliable, but that's sort of a harsh way to do business. There should be some sort of work-around if Google gets it wrong on what is and isn't a virus (which I assume they are going to do sooner or later). I mean, a false positive would get you cut off from what could be vital information. If that happens to someone, they'll be mad, even though it was done for a good reason. I hope they at least warn the people that there was an attachment.
Actually the "What's New" page is here, not what was linked to.
Also, I'm still pissed they havent added the option to empty the spam folder, yes I know it gets automagically deleted after 30 days, but I'd like to clear it out without having to go through 30 pages.
Your hair look like poop, Bob! - Wanker.
I for one look forward to EPIC
Promote Charity on Myspace, Show Your Colours!
flag mp3s and archives as unsafe by default?
perpetually dwelling in the -1 pits
So much for the .zip.remove.everything.after.the.first.zip.includi ng.the.period files.
I've been using GMail for about 2 months now, and I like it better than any other free e-mail service because of its features. Personally I don't open any e-mail attachments without scanning them first, but now they add virus scanning to their service, many end users that don't have an anti-virus on their system will benefit from this feature.
Webmail will never replaced a normal MUA. Essentially, until I found a decent up-to-date MUA (Being an ELM user hating PIne and Mutt), I used gmail. Now that I have Mail.App, I just use Gmail as a safety repository for deleted mail.
From the page..
"If the virus can't be removed from the file, you won't be able to download it"
All that talk about false positive and important (project/contract saving) mails sounds so important suddenly...
I've got 10k+ e-mails in my gmail account, though, and I don't think any have any virus-laden attachments, though.
What I really want is a "yes, I'm unilingual, I speak English and if an e-mail isn't in English, its spam" setting.
now all they need to do is implement a feature to disable the spam filter and/or IMAP
What's next?
1) Scanning for copyrighted material?
2) Scanning for pornography?
3) Scanning for insider trading information?
4) Scanning for links to Google competitors?
5) Reading your email to display relevant advertisements? (oh crap...)
In a surprise move for illiterate, clueless morons everywhere, popular tech website Slashdot has added a spell checker that can tell when IT'S is actually supposed to be ITS. Although a third grader can tell by himself, adults are stymied by the difference.
... but they are no longer allowing ANY zipfiles containing .exes to be transmitted to a gmail account.
That's obviously pretty damned annoying for people who actually work with zipfiles. "Here, give this version a try." "What version?"
I've sent them polite feedback requests to stop doing that. Other services scan zipfile contents for known viruses; Google is just dropping the zipfiles altogether. In my message to their support folks, I pointed out that letting virus writers dictate the design of your mail service isn't the best long-term business model.
This is a natural outgrowth of the fact that they can't effectively index virii.
Therefore, they must be destroyed.
Has anyone else noticed that their accounts are falling behind when it comes to upgrades? I discovered the auto-save feature yesterday by accident when I was peeking over one of my friends' shoulder, I asked him how long it had been there. "A month, maybe", he replied.
How come I haven't seen that feature yet? Even my dummy accounts get upgrades.
They have gmail scanning for viruses... They have google desktop indexing the files...
Soon, they'll release a google-desktop extension that scans viruses on windows.
google really is taking over microsoft (windows)
Welcome to the new SlashDot community. It's the latest and greatest Digg.com mirror. Come on guys, quit reporting crap that was already reported 6 hours ago on a better website.
I'm a Linux user. How does this affect me?
Does this mean Google will be targetting their advertising based on the kind and number of viruses they filter out?
For people who get a lot of viruses, they can advertise privacy tools, anti-virus software and adware removers.
For people who do not get a lot of viruses, they get to see ads for social networks, dating sites, etc.
Again, E-mail is only for old people....... isn't it? At least it is here in Korea. We use Google Talk, not GMail. You guys are oldfashioned!
I can't say I know much, but I have been irritated many times that it would not let me include a zip with a binary file (something I do often in testing programs).
I'm off topic so I figure this'll burn abit of karma. However I've noticed that even as webmail becomes more pervasive, it gets harder and harder for me to attatch certain files. Sometimes I need to send exe files around, and even if I put it into a zip file, or change the exe to a .dat file...it still buggers it and refuses to take the upload. I'm figuring that even if I find out some other way to start hiding my exe files, having a virus scanner go through it is going to make it just that much harder to send my work through.
they still let .rar files containing executables through.
Though their Spamfilter is rather good, I still hate logging in every couple of days to see if it hasn't accidentaly gotten a false positive (It has, sometimes, because I don't store my friends addresses online, so they aren't whitelisted). I prefer using my own mail client and my own filters, thank you, Google. (Disallow pop3-access, if you dont want me to use it :-P )
following the trend for MS, it looks like hotmail is copying gmail and checking for viruses as well. :)
The real story here is that GMail went live without virus scanning in the first place considering that at least one of their major competitors, Yahoo!, already had it. In a lot of ways Google reminds me of the go go tech companies back in the tech boom of the late 90's when updates and "news" came on an almost hourly basis. Am I saying Google is going too fast? Maybe, but I do admire their enthusiasm energy. They certainly woke up Yahoo!, AOL, and MSN to name a few.
To the making of books there is no end, so let's get started
Because I am getting tired of renaming my files and explaining n00b aunts how to re-rename the files when they receive them.
except for one thing: what if there's a false positive? Being unable to download a file because of a false positive would piss me off.
I use gmail exclusively on my Alpha running VMS...There are no known viruses for this platform and I really really REALLY doubt that anyone will ever create one anyway.
why does Google feel the need to protect me from anything?
There should be an option to turn it off.
No, they don't. I tried it today to no avail. UUencode to the rescue :-)
well, i don't know about everyone else but i think if someone crapped out an "e"-shaped piece of shit i'd think it was pretty awesome. e isn't exatly the easiest letter to make with your ass.
-- lol pwned
Google may not be able to stop fast moving threats because they don't reanalyze pages that often (unless they offered a proxy service), but they could stop corporate-sponsored malware by advertisers and less ethical site providers.
Two wrongs don't make a right, but three lefts do.
The next, obvious, and far too long overdue, step is for Google to flag web-sites that attempt to install malware, redirect you to sites you didn't want to visit, spawn endless pop-up windows, attempt to create a full-screen browser that you can't close, or disable features of your browser like right mouse button clicks. Since they've already spidered it, and in most cases cached it, they can darn well scan it for viruses and other crap at the same time! Their virus, adware, spyware, malware signature files would certainly be more upto date than my own. They could even be protecting surfers now from the current unpatched IE exploit by warning of sites that have dodgy or questionable code while MS takes its own sweet time coming up with a patch.
The first decent search engine that takes this step to protect its users can count on the majority of my traffic.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Real men FTP files from the command line anyhow.
Never once have I had a virus from an email. 10 times i've had a virus for sitting online with an unfirewalled windows installation for a couple of minutes but never from an email. Im not even careful about opening attachments or downloading crap from dodgy sites and still nothing - am i doing something wrong?
This comment does not represent the views or opinions of the user.
From what you read on "Linux Activist" only the login phase of email sessions is encrypted and protected from prying eyes... They could also address this kind of potential security breach instead of bothering me each time I try to send an executable...
FTP? Bah, real men SCP files on over!
I'll just write a program to email myself every file on my hard drive and see what fails, or maybe use that gmail as file system thingy.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Wouldn't that be a grammar checker?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Not directly related, but this reminds me of my college days. I used to work at the technology help desk. It took years to get spam protection on the email accounts at the school because some crazy staff members demanded that they receive EVERY SINGLE email sent to them. Eventually, a system was set up, and it allowed a user to log into a service that showed them what spam was blocked. If the user wanted, he or she could have any message in that list delivered. Then after a week or so, a message was permanently deleted from the quarantine if not delivered.
We phone-jockeys were informed that the system had certain levels of spam probability assigned to each message, and we could tell the users that. What we couldn't mention was that spam with the highest probablility didn't even make it to the quarantine. The spam problem was just so bad that we had to get rid of some of it, but we tricked everyone into thinking that they could get everything they received.
It's scary being a Flash and Flex developer on Slashdot. You guys are unnaturally rabid.
Why 2 clicks to reply-to-all?
Seems an unnecessary draconian measure.
Is that for your dongle?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Is it me, or is digg kicking /.'s ass? I just started frequenting digg, and am noticing that they beat /. to the punch on so many stories..
Google is just dropping the zipfiles altogether.
Probably due to the computing power required to unpack before scanning, it really is quite slow. Does tar.gz work any better? It is expensive to even see what a gzipped tar contains so they probably won't do that.
When will we see a google OS. I wonder., maybe they would be able to outclass Microsoft, or maybe they'll be the next microsoft and become Google$$$$.
...but they've been blocking executable file types, and most formats that can be scripted as well. I couldn't even email myself an Access database (yes, I know access is evil, but a client had all their customer info in one).
Will I get ads based on the Virus ???
"There is almost no legitimate use of email to send executable code, way over 99% of all executable attachments are malicious."
Almost all worms come in zip files these days. You want them to block zip files!?
I'd sure rather send a 500k attachment than a 2mb one when possible, and any amount of decrease in size of REALLY large attachments is welcome... especially since our company is a Microsoft shop using that wonderful bandwidth hog, Exchange, with a 512k pipe serving an average of 50 users.
(NO, I did NOT make these decisions!)
"It's entirely personal, though at one remove."
I use gmail as a backup for my regular mail, and I bounce all emails to google. I'd been getting viruses emailed to my regular mail, but gmail was killing them off.
Not sure about the sending though. Never needed to send a virus.
I thought they had virus scanning from the beginning. I have been using GMail exclusively for over a year and funnelling all of my mail into it. I have never had a virus infected email get through and I used to get tons of it on my ISP account.
I just noticed that today. Hopefully I'll be getting less of those damn emails form some credit union that say I need to update my account information.
When travelling, it's ok if the airlines lose your emotional baggage.
Just tested with the harmless Eicar virus. Here's what I get from our sending mail server (various bits XXX'd out) Cmd: EHLO - xxx.xxx.xxx.com Res: 250-mx.gmail.com+at+your+service Cmd: FROM:+SIZE=5940 Res: 250+2.1.0+OK Cmd: RCPT - TO: Res: 250+2.1.5+OK Cmd: DATA Res: 354+Go+ahead Res: 552+5.7.0+Illegal+Attachment+g9si301327wra It's obvious that the e-mail is blocked at SMTP level - the mail never gets to my Gmail account and I never know if it came in. Let's hope that there are no false positives because I'd never know!!!
I guess that means they are probably not using ClamAV then.
SurfControl
Access Denied
Access to the requested URL has been denied by SurfControl
The SCP command does not have any way of handling cases where a file is transferred between machines of significantly different architecture, although that's interesting.
It allows you to send zip files that dont contain exe files.
They are not dropping zip files, only zip files that contain executables. You can still send your zipped up data.
"When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
Gmail blocks .exe attachments, so what would a virus scanner be used for?
There is no god but Google and GTalk is the messenger of Google.
now what am i going to do!! damn it!
What's the point if they're outright blocking file extensions like *.mdb (MS Access)? I teach a Technology class and most of my students use Gmail. Basically, I've had to teach them to trick Gmail by changing the file extensions just to turn in a single homework assignment! What's the point of outbound virus protection if Gmail isn't even giving Access databases a chance?
This means that a computer program on GMail's servers is going to be scanning my sensitive e-mails! Some computer program "reading" all of my digitally stored, personal e-mails is simply unacceptable!
Outlook adds virus protection.
Correct, which is what I said.
.exe file (that I just compiled myself) and send it to a client.
It is not useful to operate a mail service that won't let me zip an
Which is why I just whistle my date ROT-13'd over a 300 baud connection.
@flea ~ $ wine expand test.zip_ test.zip
LZCopy failed: return is 0
@flea ~ $
I renamed a blocked zip file to xpi, and subsequently, gmail was happy taking it.
calc.exe.zip is stopped
calc.exe.zip_ and calc.exe.zip.something.else.txt are not
But the thing that annoys me is how they handle viruses. If I try to send a "virus", I get this message...
mail.google.com:
Oops...the system was unable to perform your operation.
Please try again in a few seconds.
Can you be any less informative?
Wouldn't it be gccgle?
(Think google with two cent marks as 'o's, slashdot striped them)
Antivirus files test yX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVI R US-TEST-FILE!$H+H*--[carrier has no me]
You can hold down the "B" button for continuous firing.
Strangely enough, if you send more than one .exe file within a .zip it will mail just fine. I found this out when sending a C# project to a friend.
10: SIN 20: GOTO HELL
I'm picturing their clusters of thousands of computers intelligently finding new strains of viruses before they can cause any damage based on indexing they do from millions of gmail users' email. Could be pretty. I have to imagine the thought is crossing their minds.
:wq
that google releases virus protection on World AIDS Day.
I read Slashdot for the headlines, because the headlines, unlike the articles, are usually original and never duplicated
Their idea of executable includes "anything we don't understand"
.xml.gz file, and Google drops it too.
I have a zip file that happens to include a
I don't think that was related to what you were doing - I sent a perfectly valid plain text message yesterday and got that error as well, then hit send again a few seconds later and it worked... maybe the loadavg threshold had been reached somewhere...
-William Brendel
"for it's web based" -> "for its web based"
More and more, one can read articles on SD that should be titled "illiterate kids".
I would consider using my gmail account if IMAP was supported. ...
So I can use a proper mail client
Never thought of that. And it.s simple too boot. Renaming an .exe to .exx or whatever does not work for many people. Most XP users can't even see file extensions by default.
If you wanna get rich, you know that payback is a bitch
I wonder if gmail's virus protection will be as lousy as my current ISP which blocks any email based on a text search of some type - emails that contain text explaining how mime headers are constructed get blocked depending on the text of the email. It sucks big time and I have had a losing argument with my ISP for losing my emails (they are God).
From your quoted headers: "Debian-3".
Does this mean they use Debian in there?
Last time I heard they kept saying that they took some RedHat version and trimmed it down to fit.
Or maybe it's just for other types of servers.
Burning karma...
There isn't an anti-virus product on the planet that's 100% perfect. Every one of them misses things and every one of them has false postives. Some worse than others.
Google doesn't seem to say if they've licensed somebody's scanner engine or rolled their own. I don't care for any of the licensed engines and they may BE Google but I don't see how that qualifies them to roll their own.
I use a commercial AV scanner product. I think it works resonably well. I trust it as much as anyone can trust these things. The product offers the option to warn me or repair most infected files. Google doesn't seem to do that, they just throw away the file. Suppose MY scanner can fix it. I should be allowed to try. Google won't let me. Google won't even tell me that it's deleting the files.
Look Google, I don't need you to make those choices for me. I signed up for email, not so you could play games with my mail.
Sig for hire.
Yeah, virus protection is great and all, but I seriously don't care.
When do we start seeing GCalendar, GTodo, and GNotepad?
The Rapture is NOT an exit strategy.
What's your email address?
"If you have nothing to hide, you have nothing to fear." - Every fascist, ever
> Which is why I just whistle my date ROT-13'd over a 300 baud connection.
:)
Which is why that is the only date you get!
Try renaming your attachment foo.zip to foo_zip. It will get around their filter and it's obvious what the original file is supposed to be.
That's only true for known file extensions. Windows won't hide .exx or any other file extension it doesn't recognize.
I know this is the standard error message when a mail cannot be sent (when SMTP mail server returns a temporary error (geekspeak: an smtp 400 error)).
I tried this a couple of times with the Eicar test virus, removed the attachment and successfully sent the email.
Then I added the virus again and got the error.
Finally I tried sending a clean attachment, successfully
This IS what I got when the web interface found a virus.
And still no pop downloads from other accounts...
I used to collect email in another free online service which permitted POP3 downloads (in this case to Mercury/32 running on my laptop, because I had special needs). I had a plugin for Mercury to scan for viruses and there seemed to be quite a few coming through. Then the free email service went dark for a few hours so I switched to using GMail, again with POP3 downloads, and I now almost never receive viruses. I think I had 4 over the whole of November, compared with in excess of 250 in the previous month. I just assumed GMail was filtering the viruses, so it seems strange that only now they mention it formally. Perhaps I was an unwitting beta tester.
EPA filters zip files, too. Makes it a pain to get things through, particularly when you're working with them. I just renamed all my zip files .piz and everyone was happy. You can even associate .piz files with WinZip on the other end and it works just like normal.