Kaspersky Lab Internet Security 2011, RNWL, 1U, 2Y, ENG KL1837UCADR User Manual
Product codes
KL1837UCADR
A
D V A N C E D A P P L I C A T I O N S E T T I N G S
135
Anti-Spam work consists of two stages:
1. Application of strict filtering criteria to a message. These criteria allow a quick determination as to whether the
message is spam. Anti-Spam assigns to the message spam or not spam status, the scan is stopped and the
message transferred to the mail client for processing (see algorithm steps 1 to 5 below).
message transferred to the mail client for processing (see algorithm steps 1 to 5 below).
2. Inspection of messages, which have passed strict selection criteria during previous steps. Such messages
cannot be unambiguously considered spam. Therefore, Anti-Spam has to calculate for them the probability of
being spam.
being spam.
The Anti-Spam algorithm consists of the following steps:
1. The message sender's address is checked for its presence in the lists of allowed or blocked senders.
If a sender's address is in the allowed list, the message receives the Not Spam status.
If a sender's address is in the black list, the message receives the Spam status.
2. If a message was sent using Microsoft Exchange Server and scan of such messages is disabled, the message
is considered as not spam.
3. A message analysis is performed to check if it contains strings from the list of allowed phrases. If at least one
line from this list has been found, the message will be assigned the not spam status. This step is skipped by
default.
default.
4. Anti-Spam analyzes a message to check if it contains strings from the list of blocked phrases or the list of
obscene words. Whenever words from these lists are found in a message, their weighting coefficients are
summed up. If the total of coefficients exceeds 100, such message will receive the spam status. This step is
skipped by default.
summed up. If the total of coefficients exceeds 100, such message will receive the spam status. This step is
skipped by default.
5. If the message text contains an address included in the database of phishing or suspicious web addresses, the
message receives the Spam status.
6. E-mail is analyzed using heuristic rules. If the analysis finds in a message signs typical of spam, the probability
of it being spam increases.
7. E-mail is analyzed using the GSG technology. While doing it, Anti-Spam analyzes images attached to the email
message. If the analysis finds in them signs typical of spam, the probability of the message being spam
increases.
increases.
8. The application analyzes e-mail attachments in .rtf format. It scans attached documents checking them for the
presence of spam signs. Once the analysis is complete, Anti-Spam calculates how much the probability of the
message being spam increased. The technology is disabled by default.
message being spam increased. The technology is disabled by default.
9. It checks for the presence of the additional features typical of spam. Each detected feature increases the
probability that the message being scanned is in fact spam.
10. If Anti-Spam was trained, the message will be scanned using iBayes technology. The self-training iBayes
algorithm calculates the probability of a message being spam based on the frequency of phrases typical of
spam found in message text.
spam found in message text.
Message analysis determines the probability of its being spam expressed as the spam rate value. The Spam or Probable
spam status will be assigned to a message depending upon the specified threshold values of the spam rate (see section
"Regulating threshold values of spam rate" on page
spam status will be assigned to a message depending upon the specified threshold values of the spam rate (see section
"Regulating threshold values of spam rate" on page
). The product adds by default to the Subject field of spam and
potential spam messages the label [!! SPAM] or [?? Probable Spam] (see section "Adding a label to the message
subject" on page
subject" on page
). Then each message will be processed in accordance with your rules defined for email clients
(see section "Configuring spam processing by mail clients" on page