dcsimg

GFI Email Security Zone

By ServerWatch Staff (Send Email)
Posted Aug 18, 2002


by Ryan Smith

With the ease that virus-writers have by modifying existing viruses at any point, simply protecting against known e-mail viruses is not enough these days -- e-mail systems must be secure against both current and future e-mail threats. This can only be achieved by protecting against all currently known methods of e-mail infection. To see if your e-mail systems are protected, GFI is hosting an Email Security Testing Zone that performs these tests for you for no charge. The zone is located at GFI's website, http://www.gfi.com/emailsecuritytest/, and allows visitors to discover instantly if their system is secure against current and future e-mail threats, such as e-mails containing infected attachments, e-mails with malformed MIME headers, and HTML mails with embedded scripts.

Ryan Smith's latest article takes a look at the GFI Email Security Zone, a free site that offers ten tests to help determine if your e-mail system is secure against current and future e-mail threats, including e-mails containing infected attachments, e-mails with malformed MIME headers, and HTML mails with embedded scripts.

GFI's Email Security Testing Zone currently includes 10 tests:

  • ActiveX Vulnerability Test
    This test allows users to discover if their machine is vulnerable to the ActiveX exploit. ActiveX within HTML content can circumvent security measures in certain circumstances. Vulnerabilities within Internet Explorer and Outlook allow such content to be executed.

  • CLSID Extension Vulnerability Test
    This test reveals whether a mail server detects and blocks files with CLSID extensions. Attachments having a CLSID extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files (such as JPG or WAV files) that do not need to be blocked. This method may also circumvent attachment checking in some e-mail content filtering solutions.

  • CLSID Extension Vulnerability Test for Outlook 2002
    This test is similar to the standard CLSID extension vulnerability test, except it can also circumvent the security provided by Outlook XP (2002), which makes use of multi-layered security.

  • Eicar Anti-virus Software Test
    This test enables you to check if your anti-virus software is in place and functioning correctly.

  • GFI's Access Exploit Vulnerability Test
    This particular example allows VBA (Visual Basic for Applications) code to be automatically executed without any warnings, regardless of the security settings on the target machine. It can be very dangerous to open an e-mail that makes use of this particular method since it runs on any computer that has Internet Explorer.

  • Iframe Remote Vulnerability Test
    This particular example allows files to be downloaded to the desktop machine from a remote HTTP site, regardless of the security settings on the target machine. Once downloaded, the files can be executed. This method allows attackers to circumvent attachment checking such as the security settings in Outlook 2002.

  • Malformed File Extension Vulnerability Test (for Outlook 2002)
    This test examines whether your Outlook 2002 (XP) system detects and blocks files with malformed HTA file extensions. HTA files contain commands which, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms.

  • MIME Header Vulnerability Test (Nimda & Klez testing)
    This test examines whether a corporate system is protected against e-mails using the MIME exploit. The MIME exploit makes use of a malformed MIME header and an IFRAME tag to trick Outlook Express into running an attached VBS file. The VBS file is automatically executed upon opening the e-mail, thus making this exploit very dangerous when combined with virulent code. Examples of this are the notorious Nimda virus as well as Klez and BadTrans.B and its variants.

  • Object Codebase Vulnerability Test
    This particular example allows local files to be automatically executed, regardless of the security settings on the target machine. It can be dangerous to open an e-mail that uses this particular method because it runs on any computer that has an unpatched version of Internet Explorer 6.

  • VBS Attachment Vulnerability Test
    This test checks whether a mail server blocks VBS attachments. VBS files contain commands which, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms. The LoveLetter or Love Bug, and AnnaKournikova are examples of viruses transmitted using this method.


Users can sign up for these tests by submitting their name and e-mail address at GFI's Email Security Testing Zone. They will then receive the harmless tests by e-mail, through which they can check the vulnerability of their e-mail system. Naturally, GFI is in the business of selling software. So the test results are going to provide you with information on how you can use their product(s) to protect your individual desktop as well as your sever level. For more information and to request the tests, please visit http://www.gfi.com/emailsecuritytest/.


Ryan Smith

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.