London, UK, 15 November 2001 - GFI has launched an Email Security Testing Zone to enable organizations to check whether their email systems are vulnerable to email viruses and attacks. The zone, http://www.gfi.com/emailsecuritytest/, allows visitors to discover instantly if their system is secure against current and future email threats, such as emails containing infected attachments, emails with malformed MIME headers, and HTML mails with embedded scripts.
The need to protect against current and future email threats
Virus-writers can modify existing viruses at any point, meaning that simply protecting against known email viruses is not enough: email systems must be secure against both current and future email threats. This can only be achieved by protecting against all currently known methods of email infection. To see if their email systems are protected in this way, organizations can now use GFI's Email Security Testing Zone.
"Often, it is only upon infection by an email virus that businesses realize they are vulnerable to email-borne threats. GFI's Email Security Testing Zone now allows organizations to instantly discover if they are vulnerable, enabling them to take proactive steps to defend their email system," explained Nick Galea, GFI CEO.
GFI's Email Security Testing Zone currently includes 4 tests:
* VBS attachment vulnerability test This test checks whether a mail server blocks VBS attachments. VBS files contain commands which, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms. The LoveLetter or Love Bug, and AnnaKournikova are examples of viruses transmitted using this method.
* CLSID extension vulnerability test This test reveals whether a mail server detects and blocks files with CLSID extensions. Attachments having a CLSID extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be blocked.
* MIME header vulnerability test This test examines whether a corporate system is protected against emails using the MIME exploit. The MIME exploit makes use of a malformed MIME header and an IFRAME tag to trick Outlook Express into running an attached VBS file. The VBS file is automatically executed upon opening the email, thus making this exploit very dangerous when combined with virulent code. An example of this is the notorious Nimda virus and its variants.
* ActiveX vulnerability test Through this test, users can discover if their machine is vulnerable to the ActiveX exploit. ActiveX within HTML content can circumvent security measures in certain circumstances. Vulnerabilities within Internet Explorer and Outlook allow such content to be executed.
Users can sign up for these tests by submitting their name and email address at GFI's Email Security Testing Zone. They will then receive harmless tests by email, through which they can check the vulnerability of their email system. For more information and to request the tests, please visit: http://www.gfi.com/emailsecuritytest/.
GFI has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is the developer of FAXmaker, Mail essentials and LANguard, and has supplied applications to clients such as Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award, and was named one of 1999's fastest growing software companies for Windows by Microsoft Corp. and CMP Media.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.