Risk
12/2/2010
06:57 PM
50%
50%

GFI Software Launches MailSecurity 2011

Increased malware protection with sandboxing, link checking, and an enhanced dashboard are included in the on-premises email security software.

GFI MailSecurity 2011 Dashboard
(click image for larger view)
GFI MailSecurity 2011 Dashboard

GFI Software on Thursday introduced GFI MailSecurity 2011 email security software. The on-premises software checks inbound and outbound email using multiple antivirus engines, as well as an exploit detection engine, spyware detection, HTML sanitization and attachment checking.

Enhancements address two key attack vectors, according to Nicholas Sciberras, product manager, GFI, which are, "the most recent malware for which definitions have not been released and links in emails that point to malware."

Other features include an updated dashboard, an HTML Sanitizer exclusion list, more comprehensive scanning of internal email and enhanced attachment checking.

GFI MailSecurity 2011 uses Norman AV's Sandbox technology, which runs suspect malware in attachments, and analyzes the code activity, within a sandbox. This identifies, stops and isolates new and previously unknown malicious code that is in an attachment, "before it can damage computer networks or compromise data," according to the company.

When running the optional AVG antivirus engine, GFI MailSecurity 2011 can now also detect links within email message body that point to malware.

The HTML Sanitizer exclusion list addresses the challenge of HTML tags and HTML forms in legitimate email being disabled by GFI MailSecurity's HTML Sanitizer. The exclusion list lets email messages from approved senders bypass being scanned by the HTML Sanitizer. (Bypassed messages are still checked by MailSecurity's other filters.)

GFI has improved checking of email attachments, including the ability to block attachments that exceed a specified size or are suspicious, while letting the rest of the message be delivered. GFI MailSecurity can now also do full scans of all internal email messages, using all of the product's various filters.

Additionally, GFI MailSecurity's dashboard now gives administrators access to various counters and important logs.

GFI MailSecurity runs on Windows Server 2008 or 2003 and requires an email server such as Microsoft Exchange. Pricing starts at $160 dollars for 10 mailboxes for the first year, and $102 for subsequent years, with volume discounts.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.