GFI Launches Email Exploit Engine – New Technology To Block Email Threats

A revolutionary way of protecting networks against current and future email attacks

London, UK, 10 July 2002 – GFI MailSecurity for Exchange/SMTP, GFI’s new email security package, includes a revolutionary email exploit engine. This first-of-its-kind module detects exploits embedded in emails and shields users against any current or future email viruses and attacks that use known exploits.

Why email exploits are dangerous

An exploit uses known vulnerabilities in applications or operating systems to execute a program or code; it “exploits” a feature of a program or the operating system for its own use, such as to execute arbitrary machine code, read/ write files on the hard disk, or gain illicit access. An email exploit is an exploit embedded in an email that can be executed on the recipient’s machine once the user opens or receives the email. This allows a hacker to bypass most firewalls and anti-virus products.

Protection against unknown email viruses and malicious code

Anti-virus software is designed to detect known malicious code. An email exploit engine takes a different approach: it works like an intrusion detection system (IDS) for email and analyses code for exploits that could be malicious. This means it can protect against new viruses, but most importantly against unknown viruses/malicious code. This is crucial as an unknown virus could be a one- off piece of code, developed specifically to break into an organization’s network, and therefore might not be recognized by anti-virus engines.

Blocking Nimda, BadTrans.B, Klez.H & their variants in one go

The Nimda, BadTrans.B and Klez.H viruses all use the same exploit to propagate. Yet, when the BadTrans.B virus emerged, those who had anti-virus protection against Nimda were defenceless against BadTrans.B and needed a new virus definition file update to block it. Again, when Klez.H appeared, anti-virus vendors had to issue another new update to protect against that. Yet, the time taken to release a signature against each new threat is long enough for a network to be infected.

In contrast, GFI’s email exploit detection engine recognizes the exploit used and can block all three worms – and any variants – immediately and automatically, without the need for definition file updates.

GFI Security Labs conduct research in the hacker community to identify new exploits and incorporate them in the GFI MailSecurity exploit engine. This way, the engine can protect against any new virus that is based on a known exploit and will catch the virus even before the anti-virus vendor is aware of its emergence – and before virus definition files have been updated. The majority of the hazards identified by GFI MailSecurity’s exploit engine are not detected by any other program on the market today.

For more information, see “Why you need an email exploit detection engine: Networks must supplement anti-virus protection for maximum security” at http://www.gfi.com/mailsecurity/wpexploitengine.htm.

About GFI MailSecurity for Exchange/SMTP

GFI MailSecurity for Exchange/SMTP is an email content checking, anti-virus, threats analysis and exploit detection solution that removes all types of email-borne threats before they can affect an orgnisation’s email users. Its key features besides the email exploit engine include multiple virus engines for better protection; email content and attachment checking, to quarantine dangerous emails; and an email threats engine, to analyse and defuse HTML scripts, and more. GFI MailSecurity comes as a gateway version that can be used with Exchange Server 5.5 or any SMTP server, and as an Exchange 2000 VS API (Virus Scanning API) version (available from authorized distributors or online at http://www.gfi.com). Pricing starts at US$295 for 10 users and includes a year of free anti-virus engine updates. More information can be found at http://www.gfi.com/mailsecurity.

About GFI

GFI is a leading provider of Windows-based security and communications software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/ exploit checking and anti-virus software; and the GFI LANguard family of network security products. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award.

All registered and unregistered trademarks in this document are the sole property of their respective owners.

Don't miss