London, UK, 15 November 2001 - GFI has launched an Email Security Testing Zone to enable organizations to check whether their email systems are vulnerable to email viruses and attacks. The zone, http://www.gfi.com/emailsecuritytest, allows visitors to discover instantly if their system is secure against current and future email threats, such as emails containing infected attachments, emails with malformed MIME headers, and HTML mails with embedded scripts.

The need to protect against current and future email threats
Virus-writers can modify existing viruses at any point, meaning that simply protecting against known email viruses is not enough: email systems must be secure against both current and future email threats. This can only be achieved by protecting against all currently known methods of email infection. To see if their email systems are protected in this way, organizations can now use GFI's Email Security Testing Zone.

"Often, it is only upon infection by an email virus that businesses realize they are vulnerable to email-borne threats. GFI's Email Security Testing Zone now allows organizations to instantly discover if they are vulnerable, enabling them to take proactive steps to defend their email system," explained Nick Galea, GFI CEO.

GFI's Email Security Testing Zone currently includes 4 tests:

• VBS attachment vulnerability test
  This test checks whether a mail server blocks VBS attachments. VBS files contain commands which, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms. The LoveLetter or Love Bug, and AnnaKournikova are examples of viruses transmitted using this method.
  
  
• CLSID extension vulnerability test
  This test reveals whether a mail server detects and blocks files with CLSID extensions. Attachments having a CLSID extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be blocked.
  
  
• MIME header vulnerability test
  This test examines whether a corporate system is protected against emails using the MIME exploit. The MIME exploit makes use of a malformed MIME header and an IFRAME tag to trick Outlook Express into running an attached VBS file. The VBS file is automatically executed upon opening the email, thus making this exploit very dangerous when combined with virulent code. An example of this is the notorious Nimda virus and its variants.
  
  
• ActiveX vulnerability test
  Through this test, users can discover if their machine is vulnerable to the ActiveX exploit. ActiveX within HTML content can circumvent security measures in certain circumstances. Vulnerabilities within Internet Explorer and Outlook allow such content to be executed.

Users can sign up for these tests by submitting their name and email address at GFI's Email Security Testing Zone. They will then receive harmless tests by email, through which they can check the vulnerability of their email system. For more information and to request the tests, please visit http://www.gfi.com/emailsecuritytest.