ServersGFI Email Security Zone

GFI Email Security Zone




by Ryan Smith

With the ease that virus-writers have by modifying existing viruses at any
point, simply protecting against known e-mail viruses is not enough these days — e-mail systems
must be secure against both current and future e-mail threats. This can only be
achieved by protecting against all currently known methods of e-mail infection.
To see if your e-mail systems are protected, GFI is hosting an Email Security
Testing Zone that performs these tests for you for no charge. The zone is located
at GFI’s website, http://www.gfi.com/emailsecuritytest/,
and allows visitors to discover instantly if their system is secure against current
and future e-mail threats, such as e-mails containing infected attachments,
e-mails with malformed MIME headers, and HTML mails with embedded scripts.

Ryan Smith’s latest article takes a look at the GFI Email Security Zone, a free site that offers ten tests to help determine if your e-mail system is secure against current and future e-mail threats, including e-mails containing infected attachments, e-mails with malformed MIME headers, and HTML mails with embedded scripts.

GFI’s Email Security Testing Zone currently includes 10 tests:

  • ActiveX Vulnerability Test

    This test allows users to discover if their machine is vulnerable to
    the ActiveX exploit. ActiveX within HTML content can circumvent security
    measures in certain circumstances. Vulnerabilities within Internet
    Explorer and Outlook allow such content to be executed.
  • CLSID Extension Vulnerability Test

    This test reveals whether a mail server detects and blocks files with
    CLSID extensions. Attachments having a CLSID extension do not show the
    actual full extension of the file when saved and viewed with Windows
    Explorer. This allows dangerous file types to look as though they are
    simple, harmless files (such as JPG or WAV files) that do not need to be
    blocked. This method may also circumvent attachment checking in some e-mail
    content filtering solutions.
  • CLSID Extension Vulnerability Test for Outlook 2002

    This test is similar to the standard CLSID extension vulnerability test,
    except it can also circumvent the security provided by Outlook XP (2002),
    which makes use of multi-layered security.
  • Eicar Anti-virus Software Test

    This test enables you to check if your anti-virus software is in place and
    functioning correctly.
  • GFI’s Access Exploit Vulnerability Test

    This particular example allows VBA (Visual Basic for Applications) code to be
    automatically executed without any warnings, regardless of the security
    settings on the target machine. It can be very dangerous to open an e-mail
    that makes use of this particular method since it runs on any computer
    that has Internet Explorer.
  • Iframe Remote Vulnerability Test

    This particular example allows files to be downloaded to the desktop machine
    from a remote HTTP site, regardless of the security settings on the target
    machine. Once downloaded, the files can be executed. This method allows
    attackers to circumvent attachment checking such as the security settings
    in Outlook 2002.
  • Malformed File Extension Vulnerability Test (for Outlook 2002)

    This test examines whether your Outlook 2002 (XP) system detects and blocks
    files with malformed HTA file extensions. HTA files contain commands which,
    when executed, can do virtually anything on the recipient’s PC. This includes
    running malicious code such as viruses and worms.
  • MIME Header Vulnerability Test (Nimda & Klez testing)

    This test examines whether a corporate system is protected against e-mails using
    the MIME exploit. The MIME exploit makes use of a malformed MIME header and an
    IFRAME tag to trick Outlook Express into running an attached VBS file. The VBS
    file is automatically executed upon opening the e-mail, thus making this exploit
    very dangerous when combined with virulent code. Examples of this are the notorious
    Nimda virus as well as Klez and BadTrans.B and its variants.
  • Object Codebase Vulnerability Test

    This particular example allows local files to be automatically executed, regardless
    of the security settings on the target machine. It can be dangerous to open an e-mail
    that uses this particular method because it runs on any computer that has an unpatched
    version of Internet Explorer 6.
  • VBS Attachment Vulnerability Test

    This test checks whether a mail server blocks VBS attachments. VBS files contain
    commands which, when executed, can do virtually anything on the recipient’s PC. This
    includes running malicious code such as viruses and worms. The LoveLetter or Love Bug,
    and AnnaKournikova are examples of viruses transmitted using this method.


Users can sign up for these tests by submitting their name and e-mail address at GFI’s Email
Security Testing Zone. They will then receive the harmless tests by e-mail, through which they
can check the vulnerability of their e-mail system. Naturally, GFI is in the business of selling
software. So the test results are going to provide you with information on how you can use
their product(s) to protect your individual desktop as well as your sever level. For more information
and to request the tests, please visit http://www.gfi.com/emailsecuritytest/.


Ryan Smith

Latest Posts

Related Stories