Putting Outlook Clients to the Test

By Jim Rapoza  |  Posted 2002-01-21

E-mail viruses such as Badtrans and Kournikova rely on a variety of potential security holes within Microsofts Outlook client, and its difficult for administrators to know if theyve patched every hole.

Those looking for a way to find possible vulnerabilities in their Outlook clients can turn to a free set of tests from GFI (www.gfi.com/emailsecuritytest). To use them, I chose from the e-mail tests available. After an e-mail confirmation, GFI sent the six tests I had specified. These included a .vbs attachment, a hidden CSLID attachment, the MIME vulnerability that Nimda used, plus other potential holes.

The tests were very useful for detecting potential holes in Outlook. However, some of the e-mail messages can be misleading. For example, I got one stating that my mail had accepted a message with a .vbs attachment when the attachment was actually blocked at the server gateway.

Still, for free, its hard to complain, and these tests are a quick way to find known holes in an Outlook mail client and in what the mail server gateway lets in.

Rocket Fuel