GFI’s Email Security Testing Zone Launches a New Test

Allows admins to test the vulnerability of their networks to the newly found fragmented message vulnerability

London, UK, 12 September 2002 – GFI’s Email Security Testing Zone, www.gfi.com/emailsecuritytest, has launched an email test based on a new vulnerability detailed by Beyond Security Ltd earlier today. Through this test, available for free, administrators can find out whether their network is protected against emails making use of the fragmented message vulnerability.

An email exploit making use of the fragmented message vulnerability can bypass most unpatched content-filtering solutions that claim to protect against viruses and renders most server-level virus scanning solutions useless against it.

“This generic flaw potentially affects all SMTP content filtering software. What’s most alarming about this attack is the fact that no special attacking tool is required; any Outlook Express user can use this flaw to bypass a vulnerable content filtering software at a flick of a button,” said Aviram Jenik, Beyond Security CEO. For more information about the vulnerability, please see http://www.securiteam.com/securitynews/5YP0A0K8CM.html.

“As virus writers seek increasingly sophisticated methods to disseminate their viruses, email exploits will become a more popular means for doing so, making an email exploit detection engine an essential part of an organisation’s email security set-up,” said Sandro Gauci, security engineer at GFI. “A case in point is the newly discovered fragmented message email exploit that can circumvent most server-level and some client- level email security systems.”

GFI’s fragmented message vulnerability test uses the harmless Eicar virus to test whether a network has protection against this type of email exploit. Eicar was developed by the European Institute for Computer Anti-Virus Research as a safe and easy way to test if the user’s anti-virus software is working.

Once the test is activated, if it is received as a single email with an attached file that contains Eicar, then the recipient is vulnerable to this kind of attack. The fragmented message has circumvented server level protection as well as the security settings of the email client – meaning that were this virus malicious, the network would have been infected. If the test is received as five emails or not at all, the recipient’s email client does not support email defragmentation: The fragmented email containing the virus has not been reconstructed at client level, meaning the user’s system is safe from this type of attack. This email attack works with Outlook Express and other clients that support message fragmentation. Microsoft Outlook does not support this feature.

How to run the test

Email users can sign up for this and other tests free of charge by submitting their name and email address at GFI’s Email Security Testing Zone, http://www.gfi.com/emailsecuritytest/. They will then receive harmless tests by email, through which they can check if their email system is vulnerable to a number of email threats. The zone also includes tests for threats such as emails containing infected attachments, emails with malformed MIME headers, HTML mails with embedded scripts and email attacks that can circumvent default Outlook 2002 security settings.

About GFI MailSecurity

GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect your email users. GFI MailSecurity’s key features include multiple virus engines, for better protection; email content and attachment checking, to quarantine dangerous emails; an email exploit engine, to perform email intrusion detection and defence; and an email threats engine, to analyse and defuse HTML scripts, .exe files and more. Pricing starts at US$295 for 10 users and includes a year of free anti-virus engine updates. More product information can be found at http://www.gfi.com/mailsecurity.

About GFI

GFI (www.gfi.com) is a leading provider of Windows- based messaging, content security and network security software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; and the GFI LANguard family of network security products. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award.

All product and company names herein may be trademarks of their respective owners.