GFI’s Trojan & Executable Scanner can detect malicious executables automatically to tackle the fast-growing threat posed by Trojans

London, UK, 23 June 2003 – GFI today announced the release of GFI MailSecurity for Exchange/SMTP 8, an email content security product that uses multiple anti-virus engines, exploit detection, an HTML threats engine, and content and attachment checking to scan incoming and outgoing email for viruses, exploits and attacks. Version 8 includes many key features, the most significant of which is a new Trojan & Executable Scanner.

“The threat of Trojans, used to obtain confidential information or damage a network, is on the rise. As early as 2001, an eWeek article reported that tens of thousands of machines are infected with Trojans; and in March this year, an ICSA Labs survey reported that Trojans are increasingly in use by malicious attackers. Content security products need to meet this challenge and detect unknown and dangerous executables. GFI has made the first step in this direction by introducing a revolutionary Trojan & Executable Scanner in GFI MailSecurity 8,” said Nick Galea, GFI CEO.

Trojan and executable analyzer detects unknown dangers
GFI’s Trojan & Executable Scanner can analyze what an executable does, and quarantines any executables that perform suspicious activities, such as Trojan files. Trojans are dangerous as they can enter a victim’s computer undetected, granting an attacker unrestricted access to the data stored on that computer.

Difference between the Trojan & Executable Scanner and an anti virus engine
Unlike viruses, which tend to be widely disseminated, Trojans are often “one-off” executables, targeted towards a specific user to obtain particular information. Because anti-virus software is signature-based, it is unable to detect these custom-made Trojans. Indeed, any product that relies on signatures alone to detect malicious software cannot be effective in detecting such threats - even if it is a specialized anti-Trojan solution - because signature-based software can only detect known viruses and Trojans. However, this software cannot recognize or identify one-off Trojans, as these are not released in the wild and therefore their signatures remain unknown.

GFI MailSecurity takes a different approach by using built-in intelligence to rate an executable’s risk level. It does this by disassembling the executable, detecting in real time what it might do, and comparing its actions to a database of malicious actions. This way, GFI MailSecurity can detect potentially dangerous, unknown or one-off Trojans before they enter the network.

Other new features in GFI MailSecurity 8
GFI MailSecurity for Exchange/SMTP 8 also includes these new features:

• Support for Exchange 2003 and Windows Server 2003
• A decompression engine that now supports an industry record of more than 75 compression formats while offering configurable handling of compressed file archives
• Automatic updates to the exploit engine
• A web-based moderator that enables administrators to moderate quarantined items via a web browser
• Support for further anti-virus engines (to be announced)
• Improved configuration.

Key features retained
GFI MailSecurity for Exchange/SMTP 8 has retained its unique combination of email content security and anti-virus features that enable it to remove all types of email-borne threats before they can affect an organization’s email users, including:

• Multiple virus engines - for better protection, including McAfee, Norman and BitDefender
• Email content and attachment checking - to quarantine dangerous attachments and content
• Exploit shield - to detect emails with operating system and application exploits
• HTML threats engine - to analyze and defuse HTML scripts.

Pricing, specifications and availability
GFI MailSecurity pricing starts at US$295 for 10 mailboxes; pricing includes a year of free anti-virus engine updates. GFI MailSecurity is available as an SMTP gateway version and as a VS API version. The gateway version should be deployed at the perimeter of the network as a mail relay server and scans inbound and outbound mail. The VS API version integrates seamlessly with Exchange Server 2000/2003 and scans the Exchange 2000/2003 information stores. Both versions can be deployed simultaneously to achieve optimum protection. More product information and a trial version can be found at http://www.gfi.com/mailsecurity.