Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

GFI’s Email Security Testing Zone launches new free email tests based on exploits

  • 23 October, 2003 22:30

<p>Helps administrators strengthen their network defenses against email exploits</p>
<p>London, UK, 23 October 2003 – GFI’s Email Security Testing Zone, http://www.gfi.com/emailsecuritytest/, has launched a set of new email tests. The tests enable administrators to find out free of charge if their network is protected against emails that use different exploits to try to break into and infect a system, including an email with a long subject, an attachment with no filename, an attachment with a long filename, the Popup Object Exploit and an attachment with a double file extension.</p>
<p>“GFI’s Email Security Testing Zone gives administrators the opportunity to test whether their networks are protected against the latest email threats,” said Sandro Gauci, security researcher at GFI. “Our new tests check if an email client is vulnerable to emails that use exploits like the Popup Object Exploit or take advantage of certain simple tricks - such as a long subject or an attachment with no filename, a long filename, or a double file extension. Emails that use such exploits are dangerous as they can circumvent client level anti-virus and/or content filtering protection, granting a malicious user unauthorized access to that machine and through it, to the network.”</p>
<p>“Email viruses that use email exploits to disseminate are becoming more frequent, as the recent BugBear.B and Fortnight JavaScript worm show. The traditional methods of email security are no longer enough: administrators must use sharp, multi-layered products against the latest email threats,” added Nick Galea, GFI CEO. “Products restricted to a single anti-virus engine combined with content filtering no longer suffice; an email exploit detection engine like the one included with GFI MailSecurity, is a must to combat such email attacks.”</p>
<p>The security tests added to GFI’s free zone are the following:
• Long subject attachment checking bypass test [for Outlook Express 6 and Outlook 2000] - This test checks whether an email system accepts emails with long subjects; in some versions of Outlook and Outlook Express, long subjects can be used to bypass attachment checking.
• Attachment with no filename vulnerability test - This test examines whether an email system accepts executable code that can bypass content checking security solutions. Because this attachment has no filename, the executable code it contains will not be detected by most content checking software, and the code can be executed using Outlook.
• Long filename vulnerability test - Attachments with long filenames can be used to trick a user into double-clicking an attachment, thereby executing the malicious code it contains on the system: as the long filename is truncated by the email client, the attachment can be made to look like an innocent file (for example, a JPG image file). This test indicates whether a system can block emails that use this exploit.
• Popup Object Exploit vulnerability test - The Popup Object Exploit automatically launches files on the vulnerable system, so a secure email system should not accept emails that contain this exploit.
• Double file extension vulnerability test - This test checks whether your email system accepts emails which contain attachments with double file extensions, for example mypicture.jpg.hta. The actual file extension for this attachment would be HTA (HTML application), which is executable code. However, this exploit may trick users into thinking that this is a harmless JPG image file.</p>
<p>Testing if a system is vulnerable to these email threats
Email users can sign up for these and other tests by submitting their name and email address at GFI’s Email Security Testing Zone, http://www.gfi.com/emailsecuritytest/. They will then receive harmless tests by email, through which they can check if their email system is vulnerable to a number of email threats. The zone also includes tests for threats such as emails containing infected attachments, emails with malformed MIME headers, HTML mails with embedded scripts and email attacks that can circumvent default Outlook 2002 (XP) security settings.</p>
<p>About GFI MailSecurity
GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect your email users. GFI MailSecurity's key features include multiple virus engines, to guarantee higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an exploit shield, to protect against present and future viruses based on exploits (e.g., Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a Trojan &amp; Executable Scanner, to detect malicious executables; and more. Pricing starts at US$295 for 10 users and includes a year of free anti-virus engine updates. More product information can be found at http://www.gfi.com/mailsecurity.</p>
<p>About GFI
GFI is a leading provider of Windows-based network security, content security and messaging software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; GFI MailEssentials server-based anti-spam software; GFI LANguard Network Security Scanner (N.S.S.) security scanning and patch management software; and GFI LANguard Security Event Log Monitor (S.E.L.M.) that performs event log based intrusion detection and network-wide event log management. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the US, the UK, Germany, Cyprus, Romania, Australia and Malta, and operates though a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion (GEM) Packaged Application Partner of the Year award.</p>
<p>All product and company names herein may be trademarks of their respective owners.</p>
<p>For more information:
Please email Angelica Micallef Trigona on angelica@gfi.com
GFI Software Ltd - Malta: Tel: +356 21382418; Fax: +356 21382419.</p>

Most Popular

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Join the newsletter!

Error: Please check your email address.

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?