With the rise of malicious JavaScript email attachments, Google has decided to block them all together on its Gmail service. Here’s what you need to know.
Google already blocks the following types of attachments on Gmail to ward off potential malware. Here’s the fill list:
.ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSI, .MSP, .MST, .NSH, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH
From February 13, files attachments ending in .js (JavaScript files) will be placed on the ban list as well.
“For inbound mail, senders will get a bounce message explaining why the email was blocked,” Google said in an announcement post. “If you still need to send .js files for legitimate reasons, you can use Google Drive, Google Cloud Storage, or other storage solutions to share or send your files.”
Comments
One response to “Gmail Will Block JavaScript File Attachments Very Soon”
Makes sense, though phishers will use other attachments types for their exploits.
I wonder if Google scans attachments for those trying to obfuscate embedded files that’re banned or permits encrypted attachments as it cannot peer into them?