Installation instructions
GFI MailSecurity for Exchange/SMTP The Email Exploit Engine 91
The Email Exploit Engine
Introduction to e-mail exploits
What is an exploit?
An exploit uses known vulnerabilities in applications or operating
systems to compromise the security of a system, for example, execute
a program or command, or install a backdoor. It "exploits" a feature of
a program or the operating system for its own use.
What is an e-mail exploit?
An email exploit is an exploit launched via email. An email exploit is
essentially an exploit that can be embedded in an email, and executed
on the recipient‟s machine either once the user opens or receives the
email. This allows the hacker to bypass firewalls and anti-virus
products.
Difference between Anti-Virus software & Email Exploit
Detection software
Anti-virus software is designed to detect malicious code. It does not
necessarily analyze the method used to execute the code.
The Email Exploit Detection Engine analyses emails for exploits - i.e.,
it scans for methods to execute a program or command on the user‟s
system. The Email Exploit Engine does not check whether the
program is malicious or not. Rather, it assumes a security risk if an
email is using an exploit in order to run a program or command -
whether or not the actual program or command is malicious.
In this manner, the Email Exploit Engine works like an intrusion
detection system (IDS) for email. The Email Exploit Engine might
cause more false-positives, but it is more secure than a normal anti-
virus package, simply because it uses a different way of checking for
e-mail threats.
Furthermore, the Email Exploit Engine is optimized for finding exploits
in email, and can therefore be more effective at this job than a
general-purpose anti-virus engine.
Configuring the Email Exploit Engine
Enable/Disable email exploits
To enable/disable emails exploits:
1. Click the GFI MailSecurity Email Exploit Engine Exploit List
node.