These are some of the key reasons why GFI MailSecurity is the ideal choice to protect against email viruses, trojans and malware:
- Multiple virus engines guarantee higher detection rate and faster response
- Unique Trojan & Executable Scanner detects malicious executables without need for virus updates - MyDoom was detected immediately!
- Email Exploit Engine and HTML Sanitizer disable email exploits & HTML scripts
Why you need multiple virus engines
With each new virus outbreak, studies increasingly show that different virus engines have widely differing response times to the latest threat. Dependence on a virus engine that responds to a new threat after 9 hours rather than doing so immediately drastically increases your chances of being infected.
Besides, no single anti-virus engine can fully protect against all possible email threats: Each virus scanner has its own strengths and weaknesses. For example, when the MyDoom virus hit, some virus vendors were faster than others to release signatures against this new threat. The difference was a matter of hours; yet, as many discovered at great expense, that is more than enough time for a network to be infected.
Given the inability of any individual anti-virus engine to be the fastest to respond each time round and to provide full coverage against ALL email attacks, logic dictates that combining multiple engines will provide a more complete solution. In simple terms, if anti-virus products X and Y - each stronger in one area but weaker in another - are used together, their joint strength is likely to cover a wider range of security threats, and this way they can counteract each other's weak points. Having multiple scanners at mail server level makes up for the differences in response time between different virus engines and decreases the average response time, thereby greatly reducing the chance of virus infection.
The use of multiple virus engines also enables you to be vendor independent when it comes to virus scanning, allowing you to use the best of breed virus engines available on the market.
For more information about why you need multiple virus engines, click on White Papers and read "Why One Virus Engine Is Not Enough: The Case for Maximizing Network Protection with Multiple Anti-Virus Scanners"
Why you need an executable and trojan analyzer
The recent Novarg virus probably illustrates best of all why you need an executable and trojan analyzer: because of the characteristics of this virus, GFI MailSecurity detected that it was a malicious executable without the need for any virus signature updates. While virus vendors were preparing and deploying updates to detect Novarg, GFI MailSecurity users were already protected from the Novarg virus. It can take several hours to update and deploy signature files, and this can be too late for your network!
The difference between a virus engine and the Trojan & Executable Scanner
Because anti-virus software is signature-based, it can only detect known viruses and trojans, and is therefore unable to detect new viruses such as Novarg without new signature files. GFI MailSecurity's Trojan & Executable Scanner takes a different approach: Rather than relying on signatures, it uses patented, built-in intelligence to rate an executable's risk level. It does this by disassembling the executable, detecting in real time what it might do, and comparing its actions to a database of malicious actions. This way, GFI MailSecurity can detect unknown viruses and trojans before they enter the network – and before anti-virus engine vendors have issued signatures against them. Using this technique, GFI MailSecurity can also detect one-off trojans or malware - targeted towards a specific user to obtain particular information. Because these are one-off threats, anti-virus software will never recognize them.
Why you need an email exploit shield
An exploit uses known vulnerabilities in applications or operating systems to execute a program or code. It "exploits" a feature of a program or the operating system for its own use, such as to execute arbitrary machine code, read/write files on the hard disk, or gain illicit access. An email exploit is an exploit that is embedded in an email and can be executed on the recipient's machine once the user opens or receives the email. This allows the hacker to bypass most firewalls and anti-virus products.
GFI MailSecurity's Email Exploit Engine identifies emails that contain exploits. GFI SecurityLabs conducts research in the hacker community to identify new exploits and incorporate them in this exploit engine. The exploit shield can then protect against any new virus that is based on an exploit.
A case in point concerns the Nimda, BadTrans.B and Klez viruses, which all use the same exploit to propagate. Yet, when the BadTrans.B virus emerged, those who had anti-virus protection against Nimda were defenseless against BadTrans.B and needed a new definition file update to block it. And when Klez appeared, anti-virus vendors again had to issue an update to protect against that. In contrast, an email exploit detection engine recognizes the exploit used and can block all three worms immediately and automatically, without the need for definition file updates.
Why you need an HTML threat engine