rusticdog
Site Moderator
Premium Member
Joined: Aug 12, 2002
Posts: 2581
Location: New_Zealand
|
Posted: Wed Aug 27, 2003 10:46 pm Post subject: Email Security Testing Zone |
|
|
Is your email system secure against email viruses and attacks?
The most deadly viruses, able to cripple your email system and corporate network in minutes, are being distributed worldwide via email in a matter of hours (for example, the LoveLetter virus). Email worms and viruses can reach your system and infect your users through harmful attachments. But that's not all! Some viruses are transmitted through harmless-looking email messages and can run automatically without the need for user intervention (like the Nimda virus). Are you covered against such threats?
Find out now by doing a vulnerability check on your email system!
Sign up to test for these real world threats by entering your name and email address below. You will receive an email asking you to confirm your request by clicking on a URL, after which we will perform a vulnerability check of your email system. You will receive the results by email.
http://www.gfi.com/emailsecuritytest/ |
|
|
Mariner
Site Moderator
Premium Member
Joined: Aug 25, 2003
Posts: 1904
|
Posted: Thu Aug 28, 2003 11:07 am Post subject: e-mail security test |
|
|
Is this test for the ordinary home PC user, or just for companies?
Would like to try it but concerned about possible exploit if I have vulnerabilities.
cheers
Mariner |
|
|
TimeGhost
Captain
Joined: Apr 11, 2003
Posts: 650
Location: USA
|
Posted: Thu Aug 28, 2003 11:29 am Post subject: |
|
|
This forum is rather a strange place to post the exploit test?
Anyway, it should be interesting to see what happens.... |
|
|
TimeGhost
Captain
Joined: Apr 11, 2003
Posts: 650
Location: USA
|
Posted: Thu Aug 28, 2003 1:28 pm Post subject: |
|
|
Here's the setup:
I instructed the test to hit my personal email account, which I access from the LAN at work from behind a Cisco router and firewall. I'm running Outlook 2000 in CW mode, with additional Internet Email services to access my ISP's POP3 server. Outlook actually sends requests for message downloads to B9 v1.41, which in turn, sends it to K9 v1.12, which goes up against the mail server. As well, MWP v3.1 is used to screen mail on the server. Finally, my address is an alias, which is virus scanned and then relayed to the mail server.
I first used MWP to download the headers, which it did easily. But the DNS blacklist check took about 30 minutes to complete. (Did the company FW throttle MWP?) MWP's heuristics did not flag the messages in any way. The spam throttle is set to Fast (20 lines). None of Gary's filters fired, either.
After the DNS blacklist test was complete, I checked for new messages, and then I used Outlook to download the messages, without processing any mail. K9 did not flag any of the messages as spam. The highest spam probability was 9.4% for the Access exploit.
The Eicar_test_file was caught by the server anti-virus, and I received the five fragmented messages, which B9 left unchanged. B9 (running the default medium security profile) reported changes to all the other messages.
I opened each message in Outlook, and did not experience any of the results of the exploits.
Finally, I opened each message using MWP. Then (after the entire messages were downloaded) I received the following statuses:
MIME header: Virus, Delete
CLSID (both): Possible Virus, Delete
malformed file extension: Possible Virus, Delete
VBS attachment: Possible Virus |
|
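As an added illustration (not part of the thread, and not code from MWP, Benign or the GFI test), this is one way a mail filter could flag the attachment-name categories listed in the post above: a trailing CLSID, a malformed extension, a script attachment, and a declared MIME type that disagrees with the filename. The extension list, the function names and the sample message are assumptions made for the example.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

RISKY_EXT = {"vbs", "vbe", "js", "exe", "scr", "pif", "bat", "com", "hta"}  # illustrative
CLSID_RE = re.compile(r"\.\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
INLINE_TYPES = ("audio/", "image/", "video/")  # types a client may render inline

def classify_attachment(filename, content_type):
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings, name = [], filename.strip()
    if CLSID_RE.search(name):       # Explorer does not show a trailing {CLSID}
        findings.append("clsid-extension")
        name = CLSID_RE.sub("", name)
    if name != name.rstrip(". "):   # trailing dots/spaces mask the real extension
        findings.append("malformed-extension")
        name = name.rstrip(". ")
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXT:
        findings.append("risky-extension:" + ext)
        if len(parts) > 2:          # e.g. invoice.doc.vbs
            findings.append("double-extension")
        if content_type.startswith(INLINE_TYPES):  # declared type disagrees with name
            findings.append("mime-type-mismatch")
    return findings

def scan_message(raw):
    """Map each attachment filename in a raw RFC 822 message to its findings."""
    msg = message_from_bytes(raw)
    return {p.get_filename(): classify_attachment(p.get_filename(), p.get_content_type())
            for p in msg.walk() if p.get_filename()}

# Constructed sample: filenames, MIME types and the all-zero CLSID are made up.
SAMPLE_PARTS = [("audio", "x-wav", "readme.exe"),
                ("application", "octet-stream", "notes.txt.{00000000-0000-0000-0000-000000000000}"),
                ("application", "octet-stream", "invoice.doc.vbs"),
                ("application", "octet-stream", "update.exe."),
                ("application", "pdf", "report.pdf")]

def build_sample():
    msg = EmailMessage()
    msg.set_content("body")
    for main, sub, name in SAMPLE_PARTS:
        msg.add_attachment(b"x", maintype=main, subtype=sub, filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```
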
|
rusticdog
Site Moderator
Premium Member
Joined: Aug 12, 2002
Posts: 2581
Location: New_Zealand
|
Posted: Sun Aug 31, 2003 9:28 pm Post subject: |
|
|
Quote: |
This forum is rather a strange place to post the exploit test? |
Yeah for sure, maybe a sticky in a General Security?
Thought it would be a good link for Benign users to try out though, it's a great test.
Quote: |
Is this test for the ordinary home PC user, or just for companies?
Would like to try it but concerned about possible exploit if I have vulnerabilities. |
This is for any user of e-mail. Don't be concerned about these particular tests; they don't cause damage, rather they just highlight possible vulnerabilities of your system.
|
|
Wayward
Lieutenant
Premium Member
Joined: Mar 16, 2003
Posts: 299
Location: USA
|
Posted: Mon Sep 01, 2003 12:12 am Post subject: |
|
|
rusticdog,
Thanks for the link to these tests. Interesting and informative. Some combination of MWP, Benign, Zone Alarm Pro, an antivirus program, and my ISP's use of MIMEDefang took care of most of the stuff. And, naturally, I didn't understand some of what was going on.
_________________
Wayward |
|
|
Guest
|
Posted: Fri Oct 17, 2003 10:06 am Post subject: |
|
|
rusticdog wrote: |
Thought it would be a good link for Benign users to try out though, it's a great test. |
I haven't run these yet, but what should we expect to see if B9 is set to high?
|
|
mcullet
Corporal
Joined: Oct 29, 2003
Posts: 65
Location: Australia
|
Posted: Wed Feb 11, 2004 5:42 pm Post subject: |
|
|
TimeGhost wrote: |
Here's the setup:
I instructed the test to hit my personal email account, which I access from the LAN at work from behind a Cisco router and firewall. I'm running Outlook 2000 in CW mode, with additional Internet Email services to access my ISP's POP3 server. Outlook actually sends requests for message downloads to B9 v1.41, which in turn, sends it to K9 v1.12, which goes up against the mail server. As well, MWP v3.1 is used to screen mail on the server. Finally, my address is an alias, which is virus scanned and then relayed to the mail server.
|
Hi TimeGhost,
Thanks for all that ... gee you sound like your email goes through a sieve.
If I understood what you said, the result was disappointing? I got lost (my bad).
The idea is good though ... I keep a CD with a heap of nasties I have collected over the years to use to test systems and each file on the CD *should* set off an alert. Most do. But all of this is past tense - virus fingerprints change and it seems our vulnerabilities have now become much more general. As is, just being connected to the internet is a dangerous thing.
I'll give this a go too and see what happens. I have to reformat again because I found someone trying to send a message OUT of my pristine system to ICQ (hardware volatile firewall log).
Not nice to see. Nor is it nice to see a grown man cry into his beer.
TTFN
Mike
|
|
TimeGhost
Captain
Joined: Apr 11, 2003
Posts: 650
Location: USA
|
Posted: Thu Feb 12, 2004 11:22 am Post subject: |
|
|
mcullet wrote: |
TimeGhost wrote: |
Here's the setup:
I instructed the test to hit my personal email account, which I access from the LAN at work from behind a Cisco router and firewall. I'm running Outlook 2000 in CW mode, with additional Internet Email services to access my ISP's POP3 server. Outlook actually sends requests for message downloads to B9 v1.41, which in turn, sends it to K9 v1.12, which goes up against the mail server. As well, MWP v3.1 is used to screen mail on the server. Finally, my address is an alias, which is virus scanned and then relayed to the mail server.
|
Hi TimeGhost,
Thanks for all that ... gee you sound like your email goes through a sieve.
If I understood what you said, the result was disappointing? I got lost (my bad).
|
No, not at all. Nothing got through, so I'm satisfied. The only issue was that MWP took a long time to run through the RBLs. Eventually MWP did alert me, but only after opening each one in the preview window.
mcullet wrote: |
The idea is good though ... I keep a CD with a heap of nasties I have collected over the years to use to test systems and each file on the CD *should* set off an alert. Most do. But all of this is past tense - virus fingerprints change and it seems our vulnerabilities have now become much more general. As is, just being connected to the internet is a dangerous thing.
|
I like your idea of saving samples on CD better. That way you can test a system without putting it on the Internet. But I think if your CD has some really old viruses that are considered to be "out of circulation," a modern virus scanner might not test for them. I don't know for sure.
Sorry to read that you had to reformat. I hate when that happens.