GFI Email Security Zone
August 18, 2002
by Ryan Smith
With the ease that virus-writers have by modifying existing viruses at any
point, simply protecting against known e-mail viruses is not enough these days -- e-mail systems
must be secure against both current and future e-mail threats. This can only be
achieved by protecting against all currently known methods of e-mail infection.
To see if your e-mail systems are protected, GFI is hosting an Email Security
Testing Zone that performs these tests for you for no charge. The zone is located
at GFI's website, http://www.gfi.com/emailsecuritytest/,
and allows visitors to discover instantly if their system is secure against current
and future e-mail threats, such as e-mails containing infected attachments,
e-mails with malformed MIME headers, and HTML mails with embedded scripts.
GFI's Email Security Testing Zone currently includes 10 tests:
ActiveX Vulnerability Test
This test allows users to discover if their machine is vulnerable to
the ActiveX exploit. ActiveX within HTML content can circumvent security
measures in certain circumstances. Vulnerabilities within Internet
Explorer and Outlook allow such content to be executed.
CLSID Extension Vulnerability Test
This test reveals whether a mail server detects and blocks files with
CLSID extensions. Attachments having a CLSID extension do not show the
actual full extension of the file when saved and viewed with Windows
Explorer. This allows dangerous file types to look as though they are
simple, harmless files (such as JPG or WAV files) that do not need to be
blocked. This method may also circumvent attachment checking in some e-mail
content filtering solutions.
CLSID Extension Vulnerability Test for Outlook 2002
This test is similar to the standard CLSID extension vulnerability test,
except it can also circumvent the security provided by Outlook XP (2002),
which makes use of multi-layered security.
Eicar Anti-virus Software Test
This test enables you to check if your anti-virus software is in place and
GFI's Access Exploit Vulnerability Test
This particular example allows VBA (Visual Basic for Applications) code to be
automatically executed without any warnings, regardless of the security
settings on the target machine. It can be very dangerous to open an e-mail
that makes use of this particular method since it runs on any computer
that has Internet Explorer.
Iframe Remote Vulnerability Test
This particular example allows files to be downloaded to the desktop machine
from a remote HTTP site, regardless of the security settings on the target
machine. Once downloaded, the files can be executed. This method allows
attackers to circumvent attachment checking such as the security settings
in Outlook 2002.
Malformed File Extension Vulnerability Test (for Outlook 2002)
This test examines whether your Outlook 2002 (XP) system detects and blocks
files with malformed HTA file extensions. HTA files contain commands which,
when executed, can do virtually anything on the recipient's PC. This includes
running malicious code such as viruses and worms.
MIME Header Vulnerability Test (Nimda & Klez testing)
This test examines whether a corporate system is protected against e-mails using
the MIME exploit. The MIME exploit makes use of a malformed MIME header and an
IFRAME tag to trick Outlook Express into running an attached VBS file. The VBS
file is automatically executed upon opening the e-mail, thus making this exploit
very dangerous when combined with virulent code. Examples of this are the notorious
Nimda virus as well as Klez and BadTrans.B and its variants.
Object Codebase Vulnerability Test
This particular example allows local files to be automatically executed, regardless
of the security settings on the target machine. It can be dangerous to open an e-mail
that uses this particular method because it runs on any computer that has an unpatched
version of Internet Explorer 6.
VBS Attachment Vulnerability Test
This test checks whether a mail server blocks VBS attachments. VBS files contain
commands which, when executed, can do virtually anything on the recipient's PC. This
includes running malicious code such as viruses and worms. The LoveLetter or Love Bug,
and AnnaKournikova are examples of viruses transmitted using this method.
Users can sign up for these tests by submitting their name and e-mail address at GFI's Email
Security Testing Zone. They will then receive the harmless tests by e-mail, through which they
can check the vulnerability of their e-mail system. Naturally, GFI is in the business of selling
software. So the test results are going to provide you with information on how you can use
their product(s) to protect your individual desktop as well as your sever level. For more information
and to request the tests, please visit http://www.gfi.com/emailsecuritytest/.