I thought that I would give Wormguard and NAV2002 a workout by using the GFI Email Security Testing available here: http://www.gfi.com/emailsecuritytest/

This site provides several tests as follows:

- VBS attachment vulnerability test
- CLSID extension vulnerability test
- MIME header vulnerability test (Nimda testing)
- ActiveX vulnerability test (works only on IE5.5)
- GFI's Access exploit vulnerability test
- CLSID extension vulnerability test (for Outlook 2002)
- Malformed file extension vulnerability test (for Outlook 2002)

Between them, Wormguard and NAV did an excellent job: however, the MIME test was a bit of a surprise (for me anyway). The test site indicates that the MIME exploit makes use of a malformed MIME header and an IFRAME tag to trick Outlook Express into running an attached VBS file. I was hoping that Wormguard would recognize the VBS attachment (as it did in the case of the VBS attachment vulnerability test); however, it did not do so. In truth, the MIME exploit with its attached VBS file did succeed when I chose to open the VBS attachment at the prompt. Anybody else try this? Outcome?
The vbs and mime I received were blocked by the email scanner and WG so..... maybe something in your settings? Updated IE/OE to the latest with the security updates?
I'm using IE6 with Outlook Express, and all patches have been installed. With the MIME exploit, I simply found it curious that the Outpost firewall was able to identify and warn me about the vbs attachment when the email arrived, but Wormguard allowed me to open it with no warning. My workaround was to change Outpost's attachment filter configuration so that it both reports the vbs attachment and renames it with a .safe extension. Then, even if I proceed to open it, Wormguard jumps all over it as a file with two extensions; however, I can at least view it in safe mode. I'm attempting to make all as secure as possible since I have two grown "children" plus a grandson who use my computer from time to time, and none is quite as security conscious as I would like. Regards. Bob
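An added example, not part of any post in this thread and not Outpost's or Wormguard's code: a minimal Python sketch of the kind of attachment filter described above, which reports a script attachment, notes when its declared media type does not fit the file name or when an IFRAME in the HTML body points at it, and proposes a `.safe` rename. The extension list, the type-mismatch rule and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy

# Assumed blocklist; the thread itself only names .vbs.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".wsf", ".scr", ".exe"}

# Constructed sample: an HTML body whose IFRAME points at an attached .vbs
# that is declared with an unrelated media type. The payload is a placeholder.
SAMPLE = b"""\
From: test@example.com
To: bob@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body><iframe src="cid:part1" height="0" width="0"></iframe></body></html>
--b1
Content-Type: audio/x-wav; name="test.vbs"
Content-Transfer-Encoding: base64
Content-ID: <part1>

cGxhY2Vob2xkZXI=
--b1--
"""

def scan(raw):
    """Return (findings, safe_names) for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, safe_names = [], {}
    html = "".join(p.get_content().lower() for p in msg.walk()
                   if p.get_content_type() == "text/html")
    for part in msg.walk():
        # get_filename() falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name or os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
            continue
        findings.append(f"script attachment: {name}")
        ctype = part.get_content_type()
        if not ctype.startswith(("application/", "text/")):  # assumed rule
            findings.append(f"type mismatch: {ctype} for {name}")
        cid = (part["Content-ID"] or "").strip("<>").lower()
        if cid and "<iframe" in html and f"cid:{cid}" in html:
            findings.append(f"iframe references {name}")
        # The rename leaves two extensions, which a second tool can flag.
        safe_names[name] = name + ".safe"
    return findings, safe_names

if __name__ == "__main__":
    print(scan(SAMPLE))
```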
Glad you found that workaround, hope they do stop them in all cases! I had the feeling there were differences between the files opening when touching the email --the open or save message-- or after clicking the paperclip in the preview window. Good to try such tests, thanks very much for the link! Hope you were able to block them all!
Bob/Jooske I did the same test. Passed with all. Running IE/OE6 with all patches, etc. [well at least as far as I know, the bloody 'Windows Update' is now in new format and not working for me]. WG grabbed 4 [I think] and my security settings simply blocked the rest or they failed [since using IE6 was a negator in some of the tests as it is more secure] Tas