Helps admins strengthen their network defences
against email exploits
London, UK, 23 May 2002 - GFI's
Email Security Testing Zone, www.gfi.com/emailsecuritytest,
has launched three new email tests. The new tests enable
administrators to find out free of charge if their network is
protected against emails using the Iframe Remote and Object Codebase
exploits, and to check whether their anti-virus software is working
properly.
"GFI's Email Security Testing Zone aims to help administrators
keep abreast of the latest email threats and ensure that their
networks are protected against them," said Sandro Gauci, security
engineer at GFI. "Our new tests check if an email client is
vulnerable to emails that use the Iframe remote and object codebase
exploits. Emails that use either of these exploits are dangerous as
they can circumvent client level anti-virus protection and/or
security settings on the target machine, thereby granting
unauthorized access to a malicious user."
"Email viruses that rely on email exploits to disseminate are
becoming more frequent, overpowering traditional methods of email
security. This means that security administrators must step up their
network security and use innovative multi-layered products against
the latest email threats," added Nick Galea, GFI CEO. "Products
restricted to a single anti-virus engine no longer offer sufficient
protection; an email exploit detection engine like the one included
with GFI MailSecurity, is a must to combat such email attacks."
The third addition to the zone is the well-known Eicar anti-virus
software test. "So far administrators wishing to run this test virus
have had to download it and then email it to themselves. They can
now run it through our Email Security Testing Zone which
conveniently emails it to them on demand," Mr. Gauci pointed out.
Iframe Remote vulnerability test
This test checks
whether a mail server blocks emails containing an Iframe that points
to a file residing on an HTTP server. This email exploit can bypass
a PC's security settings. It disarmingly contains no attachment but
invites the recipient to open a file that seems both harmless and
interesting but is actually an HTA file in disguise. HTA files
contain commands that, when executed, can do virtually anything on
the recipient's PC. This includes running malicious code such as
viruses and worms.
Object Codebase vulnerability test
This test reveals
whether a mail server detects and blocks emails that use the Object
Codebase exploit. This exploit allows local files to be
automatically executed, regardless of the security settings on the
target machine. An email using this method can run on any computer
that has an unpatched version of Internet Explorer 6.
Eicar anti-virus software test
This is a safe and easy
way for users to check if they have anti-virus protection and/or if
their anti-virus software is working.
Test if your system is vulnerable to these email
threats
Email users can sign up for these tests by submitting
their name and email address at GFI's Email Security Testing Zone,
http://www.gfi.com/emailsecuritytest/.
They will then receive harmless tests by email, through which they
can check if their email system is vulnerable to a number of email
threats. The zone also includes tests for threats such as emails
containing infected attachments, emails with malformed MIME headers,
HTML mails with embedded scripts and email attacks that can
circumvent default Outlook 2002 (XP) security settings.
About GFI MailSecurity
GFI MailSecurity for
Exchange/SMTP is an email content checking, exploit detection,
threats analysis and anti-virus solution that removes all types of
email-borne threats before they can affect your email users. GFI
MailSecurity's key features include multiple virus engines, for
better protection; email content and attachment checking, to
quarantine dangerous emails; an exploit shield, to perform email
intrusion detection and defence; and an email threats engine, to
analyse & defuse HTML scripts, .exe files & more. Pricing
starts at US$295 for 10 users and includes a year of free anti-virus
engine updates. More product information can be found at http://www.gfi.com/mailsecurity.
About GFI
GFI is a leading provider of Windows-based
security and communications software. Key products include the GFI
FAXmaker fax connector for Exchange and fax server for networks; GFI
MailSecurity email content/exploit checking and anti-virus software;
and the GFI LANguard family of network security products. Clients
include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants,
NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has six
offices in the US, UK, Germany, France, Australia and Malta, and has
a worldwide network of distributors. GFI is a Microsoft Gold
Certified Partner and has won the Microsoft Fusion 2000 (GEM)
Packaged Application Partner of the Year award.
All product and company names herein may be trademarks of their
respective owners.
| 
