Online E-mail Scanner
This week, the security front seemed a little quiet. Now, don’t get me wrong, that’s good. There have been little tremors here and there, but nothing really worth causing hysteria over. So, during the times of peace, we should utilize procedures and services to strengthen our system’s defenses and test them against outside threats. Of course, you always have the day-to-day, or at least weekly, security maintenance activities, such as making sure you system and security services are updated, but today, I’m talking more about proactive security measures. I’m talking about things like firewalls and e-mail scans that will test your system for any holes in its security.
I have run a firewall scan tip in past articles, which is a good way to not only test, but also familiarize yourself with your firewall protection. Today, however, I’m going a different route with something that all of you security minded individuals will surely find interesting, if not useful.
I thought I would introduce you to an online e-mail scanner that throws a number of different test e-mail born threats at your system. Attackers use e-mail as a major avenue for infection, which makes it imperative that you make sure your e-mail clients are buttoned up tight. Within seconds, you can have the Windows Security E-mail Scanning Service test your system for 17 of the most prevalent e-mail threats in the form of test e-mails.
Some tests are designed to test e-mail clients, such as Outlook Express, that will autorun certain files. This can then lead to a successful attack. Other tests require the user to interact with the e-mail by opening attachments. If one of the attachments from the test e-mails is successfully opened, it will create a text file on your desktop with system information. This outcome, in case you haven’t guessed, constitutes a successful infiltration of your e-mail client. In short, you have a security hole.
Some test e-mails may not even make it to your Inbox, because they are being stopped at the server level, which says a lot for your first level of defense (usually your ISP’s defenses, rather). This is good and is what you want.
Below, I have listed the individual tests that the Windows Security E-mail Scanner can test your system for. You can pick and choose which of these you would like to run. All of them can really help you pinpoint any system weaknesses.
These, of course, are only tests and nothing is really at risk. In fact, this should help to identify areas in your system that may need attention.
|Long subject attachment checking bypass test (for Outlook Express 6) – This test checks whether your system accepts e-mails with long subjects. In some versions of Outlook Express, long subjects can be used to bypass attachment checking.|
|Long subject attachment checking bypass test (for Outlook 2000) – This test checks whether your system accepts e-mails with long subjects. In some versions of Outlook, long subjects can be used to bypass attachment checking.|
|Attachment with no filename vulnerability test – This test examines whether your system accepts an attachment with no filename containing executable code that can bypass content checking security solutions.|
|Long filename vulnerability test – This test indicates whether your system blocks e-mails with attachments having long filenames, which can be used to trick a user into double clicking the attachment, which can execute the malicious code it contains on the system.|
|Popup Object Exploit vulnerability test – Through this test, discover if your machine is vulnerable to the Popup Object Exploit, which can automatically launch files on a vulnerable system.|
|Double file extension vulnerability test – This test shows whether your e-mail system accepts e-mails that contain attachments with double file extensions.|
|ActiveX vulnerability test (works only on IE5.x) – Using this test, you will find out if your machine is vulnerable to the ActiveX exploit.|
|CLSID extension vulnerability test – This test reveals whether your mail server detects and blocks files with Class ID (CLSID) extensions.|
|CLSID extension vulnerability test (for Outlook 2002) – This test reveals whether your Outlook 2002 (XP) system detects and blocks files with Class ID (CLSID) extensions.|
|Eicar antivirus software test – This test enables you to check if your antivirus software is in place and functioning correctly.|
|Fragmented message vulnerability test (for Outlook Express) – This test checks whether your server-level antivirus/content checking system detects and blocks e-mails using the fragmented message exploit.|
|GFI’s Access exploit vulnerability test – Through this test, discover if your machine is vulnerable to the Access exploit vulnerability discovered by GFI. This test does not apply to IE6 users who have the latest patches installed.|
|Iframe remote vulnerability test – Using this test, discover if your machine is vulnerable to the Iframe remote exploit. This test does not apply to IE6 users who have the latest patches installed.|
|Malformed file extension vulnerability test (for Outlook 2002) – This test examines whether your Outlook 2002 (XP) system detects and blocks files with malformed HTA file extensions.|
|MIME header vulnerability test (Nimda and Klez testing) – This test examines whether your system is protected against e-mails using the MIME exploit. This test does not apply to IE6 users who have the latest patches installed.|
|Object Codebase vulnerability test – This test examines whether your system detects and blocks e-mails using the Object Codebase exploit. It is also suited for Outlook 2002. This test does not apply to IE6 users who have the latest patches installed.|
|VBS attachment vulnerability test – This test checks whether your mail server blocks VBS attachments.|
The Windows Security E-mail Scanner is simple to use. Simply go the Windows Security Web site, scroll to the bottom and enter your name and e-mail address in the proper fields. Then select “Test My Email System.”
This will take you to a page that says the e-mails tests have been sent out the address provided. Select Back to return to the previous page.
You can go ahead and open your e-mail at this point and you should see the test e-mails. Go through and click on them and see what happens. Some e-mails will have attachments while some will not. You may also notice your antivirus software firing off virus notifications, but don’t worry. That’s a good sign and it means it’s doing its job.
After everything is done, you can determine if your system is completely secure or if it needs some tweaking. If you do find you need a little tightening up, run the test again, but this time, choose certain vulnerabilities to test. This way, you can track down what in particular you need to safeguard your system against.
I hope you find the Windows Security E-mail Scanner an as impressive service as I do. I think this together with the firewall scanner, you can really feel confident about your system’s current security state.
You can try the Windows Security E-mail Scanning Service here.
Until next week, stay safe out there.
~ Chad Stelnicki