GFI’s Email Security Testing Zone Launches New Free Email Tests Based On Exploits
London, UK, 23 October 2003 – GFI’s Email Security Testing Zone, http://www.gfi.com/emailsecuritytest/, has launched a set of new email tests. The tests enable administrators to find out free of charge if their network is protected against emails that use different exploits to try to break into and infect a system, including an email with a long subject, an attachment with no filename, an attachment with a long filename, the Popup Object Exploit and an attachment with a double file extension.
“GFI’s Email Security Testing Zone gives administrators the opportunity to test whether their networks are protected against the latest email threats,” said Sandro Gauci, security researcher at GFI. “Our new tests check if an email client is vulnerable to emails that use exploits like the Popup Object Exploit or take advantage of certain simple tricks – such as a long subject or an attachment with no filename, a long filename, or a double file extension. Emails that use such exploits are dangerous as they can circumvent client level anti-virus and/or content filtering protection, granting a malicious user unauthorized access to that machine and through it, to the network.”
The new security tests added to GFI’s free zone are the following:
* Long subject attachment checking bypass test [for Outlook Express 6 and Outlook 2000]
This test checks whether an email system accepts emails with long subjects; in some versions of Outlook and Outlook Express, long subjects can be used to bypass attachment checking.
* Attachment with no filename vulnerability test
This test examines whether an email system accepts executable code that can bypass content checking security solutions. Because this attachment has no filename, the executable code it contains will not be detected by most content checking software, and the code can be executed using Outlook.
* Long filename vulnerability test
Attachments with long filenames can be used to trick a user into double-clicking an attachment, thereby executing the malicious code it contains on the system: as the long filename is truncated by the email client, the attachment can be made to look like an innocent file (for example, a JPG image file). This test indicates whether a system can block emails that use this exploit.
* Popup Object Exploit vulnerability test
The Popup Object Exploit automatically launches files on the vulnerable system, so a secure email system should not accept emails that contain this exploit.
* Double file extension vulnerability test
This test checks whether your email system accepts emails which contain attachments with double file extensions, for example mypicture.jpg.hta. The actual file extension for this attachment would be HTA (HTML application), which is executable code. However, this exploit may trick users into thinking that this is a harmless JPG image file.
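For administrators who want to see what a gateway-side check for four of these traits (long subject, attachment with no filename, long filename, double file extension) looks like, here is an added example that is not GFI's code or one of its tests. The length thresholds, the extension list and the sample message are assumptions constructed for illustration; the Popup Object Exploit is not covered.

```python
from email import message_from_bytes, policy

# Assumed policy values: the press release gives no thresholds or extension list.
MAX_SUBJECT = 255
MAX_FILENAME = 100
EXECUTABLE_EXTS = {"hta", "exe", "scr", "pif", "vbs", "bat", "com"}

def audit(raw: bytes) -> list[str]:
    """Flag the message traits named in the test list: long subject,
    nameless attachment, long filename, double file extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if len(msg.get("Subject", "")) > MAX_SUBJECT:
        findings.append("long-subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            # Declared as an attachment but carries no name to filter on.
            if part.get_content_disposition() == "attachment":
                findings.append("attachment-without-filename")
            continue
        pieces = name.lower().split(".")
        # mypicture.jpg.hta: the final extension decides how the file is opened.
        if len(pieces) >= 3 and pieces[-1] in EXECUTABLE_EXTS:
            findings.append("double-extension:" + name)
        if len(name) > MAX_FILENAME:
            findings.append("long-filename")
    return findings

def _part(disposition: str) -> str:
    """Build one constructed MIME part whose body is inert placeholder text."""
    return ("--b1\r\nContent-Type: application/octet-stream\r\n"
            "Content-Disposition: " + disposition + "\r\n\r\nplaceholder\r\n")

# Constructed sample message; addresses and filenames are made up.
SAMPLE = (
    "From: sender@example.test\r\nTo: admin@example.test\r\n"
    "Subject: " + "quarterly report " * 20 + "\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    "--b1\r\nContent-Type: text/plain\r\n\r\nbody\r\n"
    + _part("attachment")
    + _part('attachment; filename="mypicture.jpg.hta"')
    + _part('attachment; filename="' + "x" * 120 + '.jpg"')
    + "--b1--\r\n"
).encode("ascii")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```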
Testing if a system is vulnerable to these email threats
Email users can sign up for these and other tests by submitting their name and email address at GFI’s Email Security Testing Zone, http://www.gfi.com/emailsecuritytest/. They will then receive harmless tests by email, through which they can check if their email system is vulnerable to a number of email threats. The zone also includes tests for threats such as emails containing infected attachments, emails with malformed MIME headers, HTML mails with embedded scripts and email attacks that can circumvent default Outlook 2002 (XP) security settings.
About GFI MailSecurity
GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect your email users. GFI MailSecurity’s key features include multiple virus engines, to guarantee higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an exploit shield, to protect against present and future viruses based on exploits (e.g., Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a Trojan & Executable Scanner, to detect malicious executables; and more. Pricing starts at US$295 for 10 users and includes a year of free anti-virus engine updates. More product information can be found at http://www.gfi.com/mailsecurity.
GFI is a leading provider of Windows-based network security, content security and messaging software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; GFI MailEssentials server-based anti-spam software; GFI LANguard Network Security Scanner (N.S.S.) security scanning and patch management software; and GFI LANguard Security Event Log Monitor (S.E.L.M.) that performs event log based intrusion detection and network-wide event log management. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the US, the UK, Germany, Cyprus, Romania, Australia and Malta, and operates through a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion (GEM) Packaged Application Partner of the Year award.