#1
03-December-2001, 23:28
Ann
Screamager

Join Date: Apr 2001
Location: Kent
Posts: 828
Email security test

Don't know if this has been here before but this is a good way to test your system. See whether it would let you get infected. Mine passed all tests. Weird purposely trying to open viruses though.....

http://www.gfi.com/emailsecuritytest/
#2
04-December-2001, 00:10
Ian

Join Date: Apr 2001
Location: Down South
Posts: 3,266

What a neat idea

Passed the 2 tests I received (ActiveX and CLSID), haven't yet received the other 2. I suspect Freeserve block emails with .vbs attachments.
#3
04-December-2001, 04:08
Tebbie
Guest

Posts: n/a

Umm, EEK! I think I really have to have Sil check mine, I think I have a lot of security holes in my email.

Two of these tests showed me what was on my comp, which is very bad I think?

Great test Ann.

Hey, there are a few different kinds of tests like these about, right? Perhaps someone could gather them all together and put them on the site where they could be accessed easily? Forgive me if they are already gathered somewhere on here.

tebs ,,,,worried about her email now
#4
04-December-2001, 14:11
Worldlife
Safe Sane Consensual

Join Date: Apr 2001
Location: West Sussex, UK
Posts: 14,843

Thanks...seem ok

(IE6 with IPE Real Time Virus and Zone Alarm Pro)

#5
04-December-2001, 22:15
gem

Join Date: May 2001
Location: Currently in Brittany, France
Posts: 5,606

Thanks Ann. I'm using IE6 with McAfee 6.01 and ZoneAlarm and I passed, great.
__________________
GEM
#6
05-December-2001, 11:59
Pisces
Screamager

Join Date: Apr 2001
Posts: 1,783
Oh Help!

I am using IE 5.0 and have failed two tests.

CLSID Extension vulnerability test and MIME Header vulnerability test.

Is there anything I can do to prevent these getting on my machine? I use Zonealarm and Inoculate and update nearly every day.

Many thanks

Pisces
#7
05-December-2001, 14:35
Ann
Screamager

Join Date: Apr 2001
Location: Kent
Posts: 828

What emailer are you using? If it's Outlook Express that's your problem. Eudora came through with flying colours. (And I don't have a firewall.)

Ann
#8
05-December-2001, 15:13
squidgy
Guest

Posts: n/a

Just trying to receive the email now .... anxious to get result. Am using Outlook Express 5.0, Zonealarm is set to ask if it's allowed to connect, so I'm in the habit of starting it and saying yes to download email, then shutting it down and restarting it, and saying no to read the email I've just downloaded.
#9
05-December-2001, 15:25
squidgy
Guest

Posts: n/a

Well, the activex test didn't do anything. Also, received the CLSID test, I could see the CLSID extension in the attachment, and saved it to desktop where it didn't show. But when I tried to run it, windows explorer asked me what application I would like to open the file with, and again, the CLSID extension showed. I haven't received the other two. Am using a fsnet.co.uk email address, as Ian says, maybe freeserve block it, so I'll try the same tests again on one of my other email addresses.
#10
05-December-2001, 15:46
squidgy
Guest

Posts: n/a

Have now tried a softhome.net email address, and this time, I received all four tests, so it does look as though freeserve block them. The .vbs extension test resulted in me getting an email with an attachment that zonealarm had renamed.

I think I kinda failed the mime vulnerability test, though. However, it didn't cause this text file to appear on the desktop, instead, it opened a multimedia player program (Windows Media Player) and Windows Media Player popped up an error message saying "a redirection problem occurred".

In the source code of the email, it says this:

Content-ID: <GFI>
Content-Type: audio/x-wav;
    name="viewthis.zlv"
Content-Transfer-Encoding: quoted-printable

I guess that the content type being audio is why windows media player got involved, but the name having zlv extension suggests that zonealarm has done something with it too.

I plan to try it again with the zonealarm mailsafe feature turned off, and see if that does anything else. It's interesting that all of them got through on the softhome email address but only two of them got through on the freeserve email address. I also have email addresses from Yahoo, BTinternet, World Online and Eurobell as well, so I'll see if any of these do any blocking.
#11
05-December-2001, 16:02
squidgy
Guest

Posts: n/a

Yep, freeserve was the only one that blocked any of the mail. Softhome, Yahoo, BTinternet, WorldOnline and Eurobell have all relayed all four of the test messages.

To be honest, Freeserve have slightly gone down in my estimation as a result of that. I like to think that I will actually get email that's sent to me, and rely on local security to protect against viruses, so that I can use them as evidence of viruses, even if that only means phoning up a friend and saying "oy, you've got a virus". Freeserve perhaps stops you from doing that, which, in my opinion, isn't really a solution.

Will try one of the addresses again now, but this time with mailsafe turned off. I expect that the mime vulnerability will actually get through, but just want to check.
#12
05-December-2001, 16:11
Pisces
Screamager

Join Date: Apr 2001
Posts: 1,783

Ann, I am using Outlook Express 5.

Is there any way I can protect myself using Outlook?

Many thanks..Pisces
#13
05-December-2001, 16:19
squidgy
Guest

Posts: n/a

Have tried the MIME vulnerability test with zonealarm mailsafe both turned on and off now. Note, of course, that whether zonealarm renames the extension or not depends on whether mailsafe is turned on or not at the time you download the email from the pop3 server.

In both cases, it opened up Windows Media Player which reported a redirection problem. But in the case of the email downloaded when mailsafe was turned OFF, I also got a popup message saying ....
Inoculate IT real-time protection has found that C:\WINDOWS\TEMP\VIEWTHIS.VBS is a VBS.VBSWG.Z worm. Not restored.
However, the text file on the desktop was still not created, regardless of whether ZoneAlarm MailSafe was turned on or not at the time I downloaded the email.

Do you reckon there's a flaw here at all?
#14
05-December-2001, 16:27
squidgy
Guest

Posts: n/a

In reply to Pisces, I'm wondering if it's not such a bad idea to start using Freeserve email addresses that block .vbs attachments until I find out more about whether the mime vulnerability is really a threat or not. You can get a Freeserve email address for free at http://www.freeserve.com/time/noties .... it's dead easy, just sign up for "No Ties" with any old information, it doesn't really matter whether you give your real name and address and phone number or not, then configure your mail client to use their POP3 server to download email according to the instructions you get, but ignore everything else, and continue to use your existing ISP's SMTP server (or local MX resolution if you prefer) to send mail.
#15
05-December-2001, 17:49
Ian

Join Date: Apr 2001
Location: Down South
Posts: 3,266

Freeserve will block your account if you do not use it for dial up for a certain amount of time (30 days 60 days ? something like that)

They do seem to block incoming and outgoing attachments of various sorts (.bat, .vbs) but not .pif which badtrans sends out (I think) which is generally a good thing.

Media player gets involved because the attachment is embedded as a media player file, but with the wrong extension, so an unpatched PC will execute the file using whatever application is associated with that extension, with the correct patches it uses the application associated with whatever it is pretending to be.

Erk.

eg a .vbs file embedded as a .wav file,

an unpatched pc will run the file using windows scripting (*bad*)
a patched pc will run the file using media player (*good*)

There are patches that will correct this behaviour, or installing IE6 will also fix it.
Reply With Quote
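The mismatch described in post #15 (a part declared as audio/x-wav whose name ends in .vbs) and the CLSID extension from the CLSID test can both be checked for before a message reaches the mail client. The following is an added example, not part of the thread or of GFI's test; the sample message, the all-zero CLSID, the EXPECTED_EXT table and the name audit_message are constructed for illustration.

```python
import re
from email import message_from_string
from pathlib import PurePosixPath

# Extensions the thread names as blocked or abused.
RISKY_EXT = {".vbs", ".bat", ".pif"}
# Declared MIME type -> extensions that honestly match it (constructed table).
EXPECTED_EXT = {"audio/x-wav": {".wav"}, "text/plain": {".txt"}}
# A trailing ".{GUID}" is the CLSID extension that the shell hides from view.
CLSID_TAIL = re.compile(
    r"\.\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)

def audit_message(raw):
    """Return {attachment name: [findings]} for each named MIME part."""
    report = {}
    for part in message_from_string(raw).walk():
        # get_filename() falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        ext = PurePosixPath(name).suffix.lower()
        findings = []
        if CLSID_TAIL.search(name):
            findings.append("clsid-extension")
        if ext in RISKY_EXT:
            findings.append("risky-extension")
        # Declared type and extension disagree: the two can be handled by
        # different applications, which is the MIME header problem.
        expected = EXPECTED_EXT.get(part.get_content_type())
        if expected and ext not in expected:
            findings.append("type-extension-mismatch")
        report[name] = findings
    return report

# Constructed sample. The first part mirrors the headers quoted in post #10,
# using the .vbs name the virus scanner reported in post #13.
SAMPLE = "\n".join([
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    'Content-Type: audio/x-wav; name="viewthis.vbs"',
    "Content-ID: <GFI>",
    "Content-Transfer-Encoding: quoted-printable",
    "",
    "(body omitted)",
    "--b1",
    "Content-Type: application/octet-stream;"
    ' name="readme.txt.{00000000-0000-0000-0000-000000000000}"',
    "",
    "(body omitted)",
    "--b1",
    'Content-Type: audio/x-wav; name="chime.wav"',
    "",
    "(body omitted)",
    "--b1--",
    "",
])

if __name__ == "__main__":
    for name, findings in audit_message(SAMPLE).items():
        print(name, findings or "ok")
```

A part with any finding can be renamed or quarantined, which is what the ZoneAlarm MailSafe rename to .zlv in post #10 amounts to.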
#16
05-December-2001, 18:25
squidgy
Guest

Posts: n/a

I see why Windows Media Player gets involved. Presumably if Realplayer was my default .WAV player, it would open that instead then. Maybe I'll try reassociating .wav files with windows scripting, to see if that actually generates this text file.

I tried running both the mail that had been processed by ZA MailSafe and the one which hadn't without ITPE Real Time Protection turned on, again, same result, both opened WMP which then reported an error, but obviously no ITPE popup this time.

The other thing is, the attachment doesn't actually show in the attachment list with that mime vulnerability, but in the folder, it shows as an email which has an attachment. Ok, so it's good that it opens it with the right application, this also suggests that as long as ZoneAlarm MailSafe is running, ZoneAlarm will handle anything iffy, but the fact that an attachment opens automatically in any application at all is not such a good thing. I happen to have Word and Excel installed, and I believe that there are macro viruses which could be run automatically, which mailsafe wouldn't catch.

Mind you, I guess I could reconfigure mailsafe so that it renames any word or excel files as well. Or perhaps I could reconfigure it so that it renames absolutely everything, resulting in ZoneAlarm handling any mime header vulnerabilities. There doesn't seem to be an option to do this, though. What do you lot suggest? Thanks.
#17
05-December-2001, 18:27
squidgy
Guest

Posts: n/a

You mention Freeserve axeing the email address after 30 days, I don't think I've had my freeserve email address that long yet, but I'm sure I've definitely never used the dial-up. Still, I suppose you could always sign up again every 28 days so that you always have an email address. If you want to give people an address that stays the same, maybe use something like Yahoo Mail forwarding service, and reconfigure that every 28 days as well.
#18
07-December-2001, 00:04
Rob
Guest

Posts: n/a
ActiveX

I did the tests and am apparently vulnerable to ActiveX, but not the others. So how do I get rid of this vulnerability? I can't see anything obvious to turn off under the "advanced" tab on IE properties.
#19
07-December-2001, 00:32
Techtips
Guest

Posts: n/a

You need to do two things to secure MS email clients from running script and ActiveX:-

Step 1.

In Outlook OR Outlook express:-

Tools
Options
Security Tab
Select Restricted Sites Zone
Then go into IE

Step 2.

THEN in Internet Explorer :-

Tools
options
Security Tab
Select Restricted Sites Icon
Custom level
DISABLE EVERYTHING

This will stop all ActiveX and Javascripts from running in your preview pane.

You may lose some of the functionality in the email in MS mail clients but hey, how many exciting spam emails do you get each day that you particularly WANT to look at?

Other than that use another email client.

Last edited by Techtips; 07-December-2001 at 00:36.
#20
08-December-2001, 00:50
Ann
Screamager

Join Date: Apr 2001
Location: Kent
Posts: 828

Freeserve do axe your address after about 3 months. I know someone it happened to. You can reinitialise it but it's a pain.

Ann
#21
08-December-2001, 02:14
Rob
Guest

Posts: n/a
ActiveX

See above. I did as Techtips said and did the test again - I am no longer vulnerable to ActiveX.

Many thanks. I'm a bit paranoid as I recently got the Sircam worm, although fortunately was able to kill it before it did any damage.

Getting at disabling it is not exactly obvious, is it? No wonder so many people get email viruses!

Rob
#22
08-December-2001, 12:17
Ann
Screamager

Join Date: Apr 2001
Location: Kent
Posts: 828

NTL let all 4 emails through too but one of my addresses won't even let the confirmation email through. Wonder why not. It's a bit of an odd set up though. Maybe the content has triggered something and it has now to be passed. Will see if it ever arrives.

Ann
#23
10-December-2001, 05:31
ctlance
Guest

Posts: n/a

No problems with the email client "Becky 2". Zonealarm "blocked" the first four mails, I had to download them again (luckily they were still on the server). Just wanted to state that.

Hmmm... My email provider is a German freemailer, GMX - he obviously didn't block the scripts... which makes me kinda sad, because that'd really make things easier. *goes off to delete some more spam/virii*

Anyhoo, Hi, I'm new, don't kill me.

OBadvertisement: Get Becky 2 here.
#24
11-December-2001, 00:26
Jubesville
Guest

Posts: n/a
Spooky

Mmmm....
Just visited Steve G's site and did the test - not sure what to make of the result.
I got the confirmation emails, when I opened the attachments Mcafee warned me they may be unsafe etc. but, what the hell, I opened them anyway...and it let me.
I think in reality if these warnings had come up I probably would have at least put the files into quarantine to check them.
Several folks mentioned Zone Alarm - I love it as it feeds my paranoia....should it have blocked this stuff, what happens if Steve goes (really) mad and starts sending out damaging stuff from his site....don't even get me started!!!


Jubes
#25
17-December-2001, 06:12
The Beef
We are destined

Join Date: Apr 2001
Location: From Southport
Posts: 2,114

I just did the email test and was unable to open any of the files. Norton antivirus kicked in for the Vbs one and all the others wouldn't open due to email security and not recognised file associations.
No little icons appeared on my desktop with info about my comp
__________________
Beef.

"Thinking about what you might not be able to control, only wastes time and energy, till it eventually becomes your enemy."
#26
11-August-2002, 06:56
Worldlife
Safe Sane Consensual

Join Date: Apr 2001
Location: West Sussex, UK
Posts: 14,843

McAfee Spamkiller blocked all nine email messages.

The reason given was that "To is missing"

To open these messages I have to resend them from Spamkiller to myself and they will then appear in the Inbox of Outlook.

Would this be too much of a hassle to you heavy email users?


Results

(Blocked mail by Freeserve from Spamkiller to Virgin.net address opened by Outlook.)

vbs and eicar test messages returned to sender with suggestion that they were sent as zip files.

client based email security (Outlook? Zone Alarm?) resulted in a pass for all other tests

Last edited by Worldlife; 11-August-2002 at 07:18.
#27
05-March-2004, 22:03
Fritz
Guest

Posts: n/a
Eclipse & Zone Alarm worked (I think)

Eclipse anti virus broadband setup worked well.

I only got a zone alarm alert to allow a connection to a site that I declined.

Is this good or should I allow this to get my results?

Fritz
#28
16-April-2004, 14:18
Dave40
Guest

Posts: n/a

I'm not sure if this is relevant to this thread or should be in some other place but as of yesterday morning I can no longer open my email.

I'm using OE6 with the very latest critical update and connect to my ISP through a Netgear 834G modem router firewall.

The mail will download but when an item is clicked on nothing happens apart from a constant hourglass. I was considering moving over to full Outlook 2000 anyhow but don't know if this will cure the problem.

Apologies if I'm in the wrong place.

Dave
#29
04-September-2004, 06:31
Alphabetex
Screaming net veteran

Join Date: May 2001
Posts: 220

Ran this test 5 minutes ago and had 24 test emails arrive. Now, I'm using the very latest Zone Alarm Pro and bang up to date EZ Antivirus 6.2, and I also have all the XP updates apart from SP2, yet one of these attachments read the contents of my drive. Here is the text below.

This is a proof of concept demonstration
By GFI [ http://www.gfi.com ]

And another opened the windows media player. ...........so looks like the security patches, zone alarm pro and a good anti virus system aren't enough!

Last edited by Alphabetex; 04-September-2004 at 06:37.
#30
07-August-2009, 17:57
joe2cool
Screamager

Join Date: May 2003
Location: UK
Posts: 795
Re: Email security test

No problems
__________________
joe2cool

STAY COOL!! Live Each & Every Day As If It's Your Very LAST!!!



Life is a gamble at terrible odds - if it was a bet you wouldn't take it.


Favourite Photo's
All times are GMT +1.
Copyright 1999-2014 The Scream!