HTML mail adds dangerous exposure - Mail essentials protects against this new breed of virus at server level.
London, UK, 12 April 2001 - GFI, leading developer of email content checking & anti-virus software, warns that HTML email viruses are becoming more dangerous and harder to block. Referring to the latest vulnerability to be found in HTML mail that allows viruses to be triggered automatically, GFI cautioned that more HTML email viruses are on their way and announced that Mail essentials, its server level email content checking and anti-virus solution, blocks this new breed of virus.
The vulnerability recently discovered in HTML mail makes it possible for an email message to run an embedded file attachment when the user simply previews that message in Outlook or Outlook Express. This means the user does not need to open the attachment to activate the virus; in fact, the attachment is invisible to the recipient. This new vulnerability lies in a Malformed Content Type tag, which is exploited using an IFRAME tag. Through the IFRAME tag, a malicious user is able to automatically run his/her file.
A patch that partially fixes this vulnerability has been issued, but it is not a total solution (see http://www.microsoft.com/technet/security/bulletin/ms01-020.asp for more information). For full protection, email content filtering at server level is essential.
"HTML mail viruses are becoming more sophisticated and more difficult to detect and stop. The recently discovered vulnerability is a clear example of how dangerous HTML mail scripting can be. Exploits like this indicate that other such HTML viruses lie close ahead," said Nick Galea, GFI CEO.
"Mail essentials protects against this type of virus in two ways. Through its file checking module, Mail essentials blocks infected attachments, even if they are hidden. Through its script checking function, Mail essentials removes the actual script that runs the exploit, including IFRAME and other tags that automatically run files," Mr. Galea explained. "All this is done at email server level, before the email is forwarded to the recipient. This way, organizations are secure against this new type of HTML mail virus."
About Mail essentials
Mail essentials for Exchange/SMTP is an email content checking and anti-virus solution that removes all types of email-borne threats before they can affect an organization's email users. Spam, viruses, dangerous attachments and offensive content can be removed before the email users can receive them. More information can be found at http://www.gfi.com/me/index.html. The full version of Mail essentials is available from $350.
About GFI
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. Founded in 1992, GFI has offices in Malta, London, Raleigh, Hong Kong, and Adelaide which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners throughout the world. GFI is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.
All product and company names herein may be trademarks of their respective owners.
| 
Products
