Why the EML file extension is considered dangerous?

wattie

wattie

Verified User
Joined
May 31, 2008
Messages
1,206
Location
Bulgaria
EML is a file extension for an e-mail message in the MIME RFC 822 standard. Some programs like Outlook use it and some Windows-based webmail software too. For example the biggest Bulgarian e-mail provider abv.bg is packing the original message in EML file when users use the "Forward" function (to forward one e-mail message to another address).

The /etc/system_filter.exim file has a list of dangerous file extensions such as executable files, batch files, vbscripts, etc. One of the extensions is eml. This is effectively blocking some legit e-mails which are not from spammers.

What is the reason for blocking eml? Sure it can itself contain attachment with executable file (for example); however I think that a recursive scan (to a certain dept to prevent "bomb" over which it can be blocked) should be more effective than the "big axe" of cutting all messages with eml attachments.
 
Last edited:
wattie said:
EML is a file extension for an e-mail message in the MIME RFC 822 standard. Some programs like Outlook use it and some Windows-based webmail software too. For example the biggest Bulgarian e-mail provider abv.bg is packing the original message in EML file when users use the "Forward" function (to forward one e-mail message to another address).

The /etc/system_filter.exim file has a list of dangerous file extensions such as executable files, batch files, vbscripts, etc. One of the extensions is eml. This is effectively blocking some legit e-mails which are not from spammers.

What is the reason for blocking eml? Sure it can itself contain attachment with executable file (for example); however I think that a recursive scan (to a certain dept to prevent "bomb" over which it can be blocked) should be more effective than the "big axe" of cutting all messages with eml attachments.
Click to expand...
Hey Wattie
I think it's all relative. Mostly the mistrust is centered around Malware stored it the EML. Since its self opening extension.

searching revels some thoughts..

superuser.com

Are .eml attachments a security risk?

My email service provider blocks mails with attached .eml files, apparently for security reasons, with the result that I loose relevant mails. I have tried to find a description of the current sec...
superuser.com superuser.com
2016
In some email clients, such as Microsoft Outlook, .eml files can trigger active scripting that can be used to launch virus activity. Furthermore, other executable file types can be wrapped in .eml files in order to bypass other virus checking scans. Therefore, many ISPs and email servers block the .eml file type.
Click to expand...

2019
isc.sans.edu

InfoSec Handlers Diary Blog - SANS Internet Storm Center

EML attachments in O365 - a recipe for phishing, Author: Jan Kopriva
isc.sans.edu isc.sans.edu

thedefenceworks.com

The Defence Works is Now Proofpoint | Proofpoint US

The Defence Works is now Proofpoint Security Awareness Training. We have joined forces to empower your users and help them build sustainable security habits.
thedefenceworks.com thedefenceworks.com
 
You must log in or register to reply here.
Back
Top