Zip Considered Harmful?
by Chris Adamson
As the editor of ONJava and java.net, I've put together a collection of documents to help writers with their articles. These include two docs on style and process handed out by most O'Reilly Network editors, a further style guide unique to the Java sites, and an HTML template to get started with (we only accept HTML - no MS-Word). Of course, since these files need to stay together, I've zipped them up and send them out as
Well, at least I did. I've been having a problem with a lot of sites lately, GMail in particular. Apparently, they don't take .zips:
Hi. This is the qmail-send program at xxxxxxxxx.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
(firstname.lastname@example.org) 220.127.116.11 failed after I sent the message.
Remote host said: 552 5.7.0 Illegal Attachment m35si1200988rnd
I suppose this comes from all the vile malware cargo that can come along for a ride inside a .zip, maybe enhanced by mailers (or clueless users) that automatically expand zips, but is banning .zip really the answer? This policy causes so much collateral damage to e-mail functionality, and the spammers and thieves will just move on to any of their other 100 dirty tricks anyways.
Besides, I fail to see how this makes anyone safer. One of my authors said his company has a standing "no zip" policy, so they just swap
.piz files -- i.e., sender changes the extension from
.piz, receiver changes it back. Easy workaround.
Another approach: just use any of the other, less-ubiquitous compression formats, like
tar.gz, StuffIt, ARC, etc.
For the meantime, if you're trying to write for ONJava -- or just interested! -- I've attached the file to this blog: onjava-javanet-writers-guide.zip. And at some point, we'll just link the files on the left column of the page.
But still, that doesn't help for swapping drafts back and forth. This seems like a problem that's only going to get worse.
Have you been inconvenienced by the ZIP lockout?
Clear sign of an overly paranoid IT policy combined with poor quality anti-virus software.
Any decent AV package nowadays can scan the contents of zipfiles on the fly even in email attachments, so there's no reason to block them.
But I've seen worse. At one customer site they were blocking all email attachments. They also blocked all file types sent over HTTP (all other protocols were blocked) except HTML, HTML, TXT, and GIF (yes, they blocked on file extension, not mimetype).
To our (as external consultants) great joy that meant they even blocked their own intranet and internet sites from their own staff :)
Yep, I've been smacked
Our work does not allow ZIP files. All we do to get around it is to rename the extension ("zi", "zit") and send them through with a note. But, it's a hassle.
I always rename the files to .virus, just for irony's sake. (it always seems to work)
Google, the next evil empire?
In an effort to make my life easier I'm trying to use GMail as a central point to consolodate my email. I redirect my work email account (among others) to my gmail account.