The modern business world demands that people around the globe communicate with one another. Email becomes more prevalent in the market, not only in business sector but also for the communication between a common man. In most cases, it turns into backbone of most organizations’ day-to-day activities.
With day to day increased activities through email, the importance of email security becomes more significant. Variety of threats over internet can affect system; one of the major threats is email viruses which can not be ignored. Viruses transmitted via emails cannot be avoided by using only antivirus software. In the same way, we lull ourselves into a false sense of security upon installing a firewall. Firewalls only prevent network access by unauthorized users. But it does not check the content of mail being sent and received by those authorized to use the system, for instance:
Over 11,000 different computer viruses exist so far and hundreds are created each month. Their affects range from negligible to inconvenient to destructive. Love Letter & Nimda are the most harmful type of viruses transmitted via email & attachments. An affected email may contain infected attachments entails with malformed MIME headers, and HTML mails with embedded scripts.
There are various tests that should be conducted in order to secure email system from the email vulnerabilities. Some of them are as under:
1. Long Subject Attachment Checking bypass Test checks whether the system accepts emails with long subjects or not.
2. Attachment with No Filename Vulnerability Test examines whether the system accepts an attachment with no filename containing executable code that can bypass content checking security solutions or not.
3. Long Filename Vulnerability Test indicates whether the system blocks emails with attachments having long filenames or not.
4. Popup Object Exploit Vulnerability Test discovers if machine is vulnerable to the Popup Object Exploit which can automatically launch files on a vulnerable system.
5. Double File Extension Vulnerability Test shows whether the email system accepts emails which contain attachments with double file extensions or not.
6. ActiveX Vulnerability Test finds out if machine is vulnerable to the ActiveX exploit.
7. CLSID Extension Vulnerability Test reveals that whether the mail server / outlook 2002 (XP) detects and blocks files with Class ID (CLSID) extensions or not.
8. Eicar Anti-virus Software Test checks if anti-virus software is in place and functioning correctly.
9. Fragmented Message Vulnerability Test checks whether the server-level anti-virus/content checking system detects and blocks emails using the fragmented message exploit or not.
10. ** GFI’s Access Exploit Vulnerability Test discovers if machine is vulnerable to the Access exploit vulnerability discovered by GFI.
11. ** Iframe Remote Vulnerability Test discovers if machine is vulnerable to the Iframe remote exploit.
12. Malformed File Extension Vulnerability Test examines whether the Outlook 2002 (XP) system detects and blocks files with malformed HTA file extensions or not.
13. ** MIME Header Vulnerability Test (Nimda & Klez testing) examines whether the system is protected against emails using the MIME exploit or not.
14. ** Object Codebase Vulnerability Test checks whether system detects and blocks emails using the Object Codebase exploit. It is also suited to Outlook 2002.
15. VBS Attachment Vulnerability Test inspect whether the mail server blocks VBS attachments or not.
If you are alarmed by these vulnerabilities, there are solutions available. Look out for companies that ask for name, email addresses & Captacha to sign up. Email threats will continue to exist as long as there are people and organizations that thrive on the misery they inflict upon others. Therefore, the practices and tools that constitute email security are likely to exist for as long as email itself.
Note: ** It does not apply to IE6 users who have the latest patches installed.