GFI releases MailSecurity 8 - Introduces Trojan and executable analyzer
GFI's Trojan & Executable Scanner can detect malicious executables automatically to tackle the fast-growing threat posed by Trojans

London, UK, 23 June 2003 - GFI today announced the release of GFI MailSecurity for Exchange/SMTP 8, an email content security product that uses multiple anti-virus engines, exploit detection, an HTML threats engine, and content and attachment checking to scan incoming and outgoing email for viruses, exploits and attacks. Version 8 includes many key features, the most significant of which is a new Trojan & Executable Scanner.

"The threat of Trojans, used to obtain confidential information or damage a network, is on the rise. As early as 2001, an eWeek article reported that tens of thousands of machines are infected with Trojans; and in March this year, an ICSA Labs survey reported that Trojans are increasingly in use by malicious attackers. Content security products need to meet this challenge and detect unknown and dangerous executables. GFI has made the first step in this direction by introducing a revolutionary Trojan & Executable Scanner in GFI MailSecurity 8," said Nick Galea, GFI CEO.

Trojan and executable analyzer detects unknown dangers
GFI's Trojan & Executable Scanner can analyze what an executable does, and quarantines any executables that perform suspicious activities, such as Trojan files. Trojans are dangerous as they can enter a victim's computer undetected, granting an attacker unrestricted access to the data stored on that computer.

Difference between the Trojan & Executable Scanner and an anti virus engine
Unlike viruses, which tend to be widely disseminated, Trojans are often "one-off" executables, targeted towards a specific user to obtain particular information. Because anti-virus software is signature- based, it is unable to detect these custom-made Trojans. Indeed, any product that relies on signatures alone to detect malicious software cannot be effective in detecting such threats - even if it is a specialized anti-Trojan solution - because signature-based software can only detect known viruses and Trojans. However, this software cannot recognize or identify one-off Trojans, as these are not released in the wild and therefore their signatures remain unknown.

GFI MailSecurity takes a different approach by using built-in intelligence to rate an executable's risk level. It does this by disassembling the executable, detecting in real time what it might do, and comparing its actions to a database of malicious actions. This way, GFI MailSecurity can detect potentially dangerous, unknown or one-off Trojans before they enter the network.

Other new features in GFI MailSecurity 8

• Support for Exchange 2003 and Windows Server 2003
• A decompression engine that now supports an industry record of more than 75 compression formats while offering configurable handling of compressed file archives
• Automatic updates to the exploit engine
• A web-based moderator that enables administrators to moderate quarantined items via a web browser
• Support for further anti-virus engines (to be announced)
• Improved configuration.