London, UK, 12 April 2001 - GFI, leading developer of email content checking & anti-virus software, warns that HTML email viruses are becoming more dangerous and harder to block. Referring to the latest vulnerability to be found in HTML mail that allows viruses to be triggered automatically, GFI cautioned that more HTML email viruses are on their way and announced that Mail essentials, its server level email content checking and anti-virus solution, blocks this new breed of virus.

The vulnerability recently discovered in HTML mail makes it possible for an email message to run an embedded file attachment when the user simply previews that message in Outlook or Outlook Express. This means the user does not need to open the attachment to activate the virus; in fact, the attachment is invisible to the recipient. This new vulnerability lies in a Malformed Content Type tag, which is exploited using an IFRAME tag. Through the IFRAME tag, a malicious user is able to automatically run his/her file.

A patch that partially fixes this vulnerability has been issued, but it is not a total solution (see http://www.microsoft.com/technet/security/bulletin/ms01-020.asp for more information). For full protection, email content filtering at server level is essential.

"HTML mail viruses are becoming more sophisticated and more difficult to detect and stop. The recently discovered vulnerability is a clear example of how dangerous HTML mail scripting can be. Exploits like this indicate that other such HTML viruses lie close ahead," said Nick Galea, GFI CEO.

"Mail essentials protects against this type of virus in two ways. Through its file checking module, Mail essentials blocks infected attachments, even if they are hidden. Through its script checking function, Mail essentials removes the actual script that runs the exploit, including IFRAME and other tags that automatically run files," Mr. Galea explained. "All this is done at email server level, before the email is forwarded to the recipient. This way, organizations are secure against this new type of HTML mail virus."

About Mail essentials
Mail essentials for Exchange/SMTP is an email content checking and anti-virus solution that removes all types of email-borne threats before they can affect an organization's email users. Spam, viruses, dangerous attachments and offensive content can be removed before the email users can receive them. More information can be found at http://www.gfi.com/me/index.html. The full version of Mail essentials is available from $350.