Email Exploit Engine
The Email Exploit Engine blocks exploits embedded in an email that can execute on the recipient’s machine either when the user receives or opens the email. An exploit uses known vulnerabilities in applications or operating systems to compromise the security of a system. For example, execute a program or command, or install a backdoor.
Configuring the Email Exploit Engine
- Go to Email Security > Email Exploit Engine.
Email Exploit configuration
- From the General tab, select whether to scan inbound and/or outbound emails.
| Option | Description |
|---|---|
| Scan inbound SMTP emails | Select this option to scan incoming emails |
| Scan outbound SMTP emails | Select this option to scan outgoing emails |
Email Exploit Actions
- From Actions tab, choose the action to take when an email is blocked:
| Action | Description |
|---|---|
| Quarantine email | Stores all infected emails detected by the Email Exploit Engine in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information refer to Working with Quarantined emails. |
| Delete email | Deletes infected emails. |
- To send email notifications whenever an email gets blocked, check any of the following options:
| Option | Description |
|---|---|
| Notify administrator |
To notify the administrator whenever this engine blocks an email. For more information refer to Administrator email address. For more information refer to Administrator email address. |
| Notify local user | To notify the email local recipients about the blocked email. |
- To log the activity of this engine to a log file, check Log rule occurrence to this file and specify the path and file name to a custom location on the disk to store the log file. By default, log files are stored in:
<GFI MailEssentials installation path>\GFI\MailEssentials\EmailSecurity\Logs\<EngineName>.log
- In the Updates tab, check Automatically check for updates to enable automatic updating for the selected engine.
- From the Downloading option list, select one of the following options:
| Option | Description |
|---|---|
| Only check for updates | Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option does NOT download the available updates automatically. |
| Check for updates and download | Select this option if you want GFI MailEssentials to check for and automatically download any updates available for this engine. |
- Specify how often you want GFI MailEssentials to check and download updates for this engine, by specifying an interval value in hours.
- From Update options area, check Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully.
NOTE
An email notification is always sent when an update fails.
- To force the most recent updates you have two options:
| Option | Description |
|---|---|
| Download updates | Trigger the update process manually. It is an incremental update where only the most recent definitions are updated. |
| Force full updates | This option forces a new version of the engine to be downloaded and replaced. This option is slower and consumes more bandwidth. |
- Click Apply.
Enabling/Disabling Email Exploits
- Go to Email Security > Email Exploit Engine > Exploit List
Email Exploit List
- Select the check box of the exploit(s) to enable or disable.
- Click Enable Selected or Disable Selected accordingly.