Question
I have performed the CLSID extension vulnerability test from the GFI security website which indicates that my server is not protected. How do I protect against this type of message?
Answer
To protect against a CLSID exploit, you should use GMS Anti-Spam to block for attachments with the extension of:
{*}
and
{3050f4d8-98b5-11cf-bb82-00aa00bdce0b}
However this is not a subsitute for having up to date virus protection, such as that provided by running GMS Anti-Virus on your server.
If you are running GMS Anti-Virus and a virus arrives which attempts to exploit the CLSID vulnerability, the message will be scanned and rejected without the requirement to block these attachment types altogether.
Alternatively you can use the MessageQualityMask option which allows you to reject email messages with certain characteristics. Please see KB article q965 in the see also section of this article for more information on this option.
See Also:
- Why does #GMS# appear to fail the GFI security test I have tried?
- How do I pass the GFI “CLSID extension vulnerability test”?
- How do I pass the GFI “Fragmented message vulnerability test (for Outlook Express)”?
- How do I pass the GFI “Iframe remote vulnerability test”?
- How do I pass the GFI “MIME header vulnerability test”?
- How do I pass the GFI “VBS attachment vulnerability test”?
- How do I pass the GFI ActiveX vulnerability test?
- How do I pass GFI’s Access exploit vulnerability test?
- How do I pass the GFI “Object Codebase vulnerability test”?
- How do I pass the GFI “Eicar anti-virus software test”?
- How can I reject malformed mime messages?
- How do I pass the GFI “Malformed file extension vulnerability test”?
Keywords:CLSID GFI