"GFI's Email Security Testing Zone aims to help administrators keep abreast of the latest email threats and ensure that their networks are protected against them," said Sandro Gauci, security engineer at GFI. "Our new tests check if an email client is vulnerable to emails that use the Iframe remote and object codebase exploits. Emails that use either of these exploits are dangerous as they can circumvent client level anti-virus protection and/or security settings on the target machine, thereby granting unauthorized access to a malicious user."

"Email viruses that rely on email exploits to disseminate are becoming more frequent, overpowering traditional methods of email security. This means that security administrators must step up their network security and use innovative multi-layered products against the latest email threats," added Nick Galea, GFI CEO. "Products restricted to a single anti-virus engine no longer offer sufficient protection; an email exploit detection engine like the one included with GFI MailSecurity, is a must to combat such email attacks."

The third addition to the zone is the well-known Eicar anti-virus software test. "So far administrators wishing to run this test virus have had to download it and then email it to themselves. They can now run it through our Email Security Testing Zone which conveniently emails it to them on demand," Mr. Gauci pointed out.

Iframe Remote vulnerability test
This test checks whether a mail server blocks emails containing an Iframe that points to a file residing on an HTTP server. This email exploit can bypass a PC's security settings. It disarmingly contains no attachment but invites the recipient to open a file that seems both harmless and interesting but is actually an HTA file in disguise. HTA files contain commands that, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms.

Object Codebase vulnerability test
This test reveals whether a mail server detects and blocks emails that use the Object Codebase exploit. This exploit allows local files to be automatically executed, regardless of the security settings on the target machine. An email using this method can run on any computer that has an unpatched version of Internet Explorer 6.

Eicar anti-virus software test
This is a safe and easy way for users to check if they have anti-virus protection and/or if their anti-virus software is working.

Test if your system is vulnerable to these email threats
Email users can sign up for these tests by submitting their name and email address at GFI's Email Security Testing Zone, http://www.gfi.com/emailsecuritytest/. They will then receive harmless tests by email, through which they can check if their email system is vulnerable to a number of email threats. The zone also includes tests for threats such as emails containing infected attachments, emails with malformed MIME headers, HTML mails with embedded scripts and email attacks that can circumvent default Outlook 2002 (XP) security settings.

About GFI MailSecurity
GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect your email users. GFI MailSecurity's key features include multiple virus engines, for better protection; email content and attachment checking, to quarantine dangerous emails; an exploit shield, to perform email intrusion detection and defence; and an email threats engine, to analyse & defuse HTML scripts, .exe files & more. Pricing starts at US$295 for 10 users and includes a year of free anti-virus engine updates. More product information can be found at http://www.gfi.com/mailsecurity.