Email Exploit Engine

The Email Exploit Engine blocks exploits embedded in an email that can execute on the recipient’s machine either when the user receives the email or when the user opens it. An exploit uses known vulnerabilities in applications or operating systems to compromise the security of a system, for example to execute a program or command, or to install a backdoor.

Configuring the Email Exploit Engine

  1. Go to Email Security > Email Exploit Engine.

Email Exploit configuration

  1. From the General tab, select whether to scan inbound and/or outbound emails.
     Option                       Description
     Scan inbound SMTP emails     Select this option to scan incoming emails.
     Scan outbound SMTP emails    Select this option to scan outgoing emails.

Email Exploit Actions

  1. From the Actions tab, choose the action to take when an email is blocked:
     Action              Description
     Quarantine email    Stores all infected emails detected by the Email Exploit Engine in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information refer to Working with Quarantined emails.
     Delete email        Deletes infected emails.
  2. To send email notifications whenever an email gets blocked, check any of the following options:
     Option                  Description
     Notify administrator    To notify the administrator whenever this engine blocks an email. For more information refer to Administrator email address.
     Notify local user       To notify the local recipients of the email about the blocked email.
  3. To log the activity of this engine to a log file, check Log rule occurrence to this file and specify the path and file name to a custom location on the disk to store the log file. By default, log files are stored in:

<GFI MailEssentials installation path>\GFI\MailEssentials\EmailSecurity\Logs\<EngineName>.log

Engine Updates tab

  1. In the Updates tab, check Automatically check for updates to enable automatic updating for the selected engine.
  2. From the Downloading option list, select one of the following options:
     Option                            Description
     Only check for updates            Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option does NOT download the available updates automatically.
     Check for updates and download    Select this option if you want GFI MailEssentials to check for and automatically download any updates available for this engine.
  3. Specify how often you want GFI MailEssentials to check and download updates for this engine, by specifying an interval value in hours.
  4. From the Update options area, check Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully.

NOTE

An email notification is always sent when an update fails.

  5. To force the most recent updates you have two options:
     Option                Description
     Download updates      Trigger the update process manually. It is an incremental update where only the most recent definitions are updated.
     Force full updates    This option forces a new version of the engine to be downloaded and replaced. This option is slower and consumes more bandwidth.
  6. Click Apply.

Enabling/Disabling Email Exploits

  1. Go to Email Security > Email Exploit Engine > Exploit List.

Email Exploit List

  1. Select the check box of the exploit(s) to enable or disable.
  2. Click Enable Selected or Disable Selected accordingly.