Why is the EML file extension considered dangerous?

wattie

EML is a file extension for an e-mail message in the MIME RFC 822 standard. Some programs like Outlook use it, and some Windows-based webmail software does too. For example, the biggest Bulgarian e-mail provider, abv.bg, packs the original message in an EML file when users use the "Forward" function (to forward one e-mail message to another address).

The /etc/system_filter.exim file has a list of dangerous file extensions such as executable files, batch files, vbscripts, etc. One of the extensions is eml. This is effectively blocking some legit e-mails which are not from spammers.

What is the reason for blocking eml? Sure, it can itself contain an attachment with an executable file (for example); however, I think that a recursive scan (to a certain depth, to prevent a "bomb", over which it can be blocked) should be more effective than the "big axe" of cutting all messages with eml attachments.

bdacus01

Hey Wattie
I think it's all relative. Mostly the mistrust is centered around malware stored in the EML, since it's a self-opening extension.

Searching reveals some thoughts..

2016
In some email clients, such as Microsoft Outlook, .eml files can trigger active scripting that can be used to launch virus activity. Furthermore, other executable file types can be wrapped in .eml files in order to bypass other virus checking scans. Therefore, many ISPs and email servers block the .eml file type.
2019
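The depth-limited recursive scan proposed in the first post, and the "executable wrapped in .eml" case from the reply, as an added Python example that is not part of the thread or of the Exim filter. The extension set, `MAX_DEPTH`, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".bat", ".vbs", ".scr"}  # illustrative subset (assumption)
MAX_DEPTH = 3  # assumed limit on message-in-message nesting

def scan(part, depth=0, path="message"):
    """Return findings for this MIME part and everything nested inside it."""
    findings, nested = [], None
    name = part.get_filename() or ""
    ext = os.path.splitext(name)[1].lower()
    if ext in BLOCKED_EXT:
        findings.append(f"{path}: blocked attachment {name}")
    if part.get_content_type() == "message/rfc822":
        nested = part.get_payload()  # the parser already built [Message]
    elif ext == ".eml":  # .eml sent as generic binary: decode and parse it here
        raw = part.get_payload(decode=True) or b""
        nested = [email.message_from_bytes(raw, policy=policy.default)]
    elif part.is_multipart():
        for i, sub in enumerate(part.get_payload()):
            findings += scan(sub, depth, f"{path}/{i}")
    if nested is not None and depth + 1 > MAX_DEPTH:
        # Refuse to descend further, so deep nesting cannot exhaust the scanner
        findings.append(f"{path}: nesting deeper than {MAX_DEPTH}, not scanned")
    elif nested is not None:
        for sub in nested:
            findings += scan(sub, depth + 1, f"{path}/eml")
    return findings

def scan_bytes(raw):
    return scan(email.message_from_bytes(raw, policy=policy.default))

def sample(with_script):
    """Constructed original message, optionally carrying a dummy .vbs file."""
    msg = EmailMessage()
    msg.set_content("hello")
    if with_script:
        msg.add_attachment(b"' constructed dummy", maintype="application",
                           subtype="octet-stream", filename="invoice.vbs")
    return msg

def forward(inner, as_binary=False):
    """Constructed "forward as attachment" wrapper around `inner`."""
    outer = EmailMessage()
    outer.set_content("see attached")
    body = inner.as_bytes() if as_binary else inner
    kw = dict(maintype="application", subtype="octet-stream") if as_binary else {}
    outer.add_attachment(body, filename="fwd.eml", **kw)
    return outer
```

A clean forward yields no findings, so it would pass, while a forward that wraps a blocked file type, or one nested past the limit, is reported and can be rejected.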
