Related Resources • Virus Encyclopedia • Glossary of terms

Elsewhere on the Web • GFI MailSecurity

An important enhancement to GFI MailSecurity has been introduced to tackle the threat of unknown Trojans and executable email attachments. GFI, a leading provider of Windows-based network security, content security and messaging software, has announced that version 8 of its GFI MailSecurity for Exchange/SMTP will offer significant new protection in the form of an innovative Trojan and Executable analyzer.

"The threat of Trojans, used to obtain confidential information or damage a network, is on the rise. As early as 2001, an eWeek article reported that tens of thousands of machines are infected with Trojans; and in March this year, an ICSA Labs survey reported that Trojans are increasingly in use by malicious attackers. Content security products need to meet this challenge and detect unknown and dangerous executables. GFI has made the first step in this direction by introducing a revolutionary Trojan & Executable Scanner in GFI MailSecurity 8," said Nick Galea, GFI CEO.

Trojans pose a particular problem to end users, as they can be used to surreptitiously monitor a system, capturing confidential data such as user IDs, passwords, and even credit card information. Trojans can be used for one-off attacks and thus escape the notice of signature-based antivirus vendors. Without an exact signature, such Trojans can be undetectable by traditional antivirus software. Even products designed specifically for Trojan detection can miss the detection of new and one-off Trojans because they too rely on signature updates. By disassembling the executable and monitoring its actions in real time, GFI MailSecurity 8 can compare the intended actions to a databased of malicious actions. In so doing, GFI offers a solution designed to detect even unknown and one-off Trojans, prior to their entering the network.

Other new features in GFI MailSecurity 8

• Support for Exchange 2003 and Windows Server 2003
• A decompression engine that now supports an industry record of more than 75 compression formats while offering configurable handling of compressed file archives
• Automatic updates to the exploit engine
• A web-based moderator that enables administrators to moderate quarantined items via a web browser
• Support for further anti-virus engines (to be announced)
• Improved configuration.