CHAPTER 2. OPERATION OF THE
APPLICATION
Kaspersky Security 5.5 for Microsoft Exchange Server 2003 scans and, if it is
possible, disinfects all incoming and outgoing e-mail messages as well as
messages stored at the server. The application analyzes the body of the
message and attached files of any format.
Additionally, Kaspersky Security performs an anti-spam scan of all messages
received by Exchange server via SMTP protocol.
The detection of malicious programs, disinfection of infected objects and
detection of messages that contain any type of SPAM is performed based on the
records contained in the anti-virus and the content filtration databases. These
databases are updated by Kaspersky Lab on a regular basis and the updated
versions are uploaded to the Kaspersky Lab's website. Additionally, the
application uses a special analysis facility called a heuristic analyzer that allows
detecting new viruses that are not even known at the moment.
The application scans objects received by the server in the real-time format. The
user cannot open and view a new message before it is scanned.
E-mail messages stored at the server and the content of all public folders are
scanned each time the anti-virus database is updated or according to the
schedule. The scan may identify new viruses that were not described in the anti-
virus database at the time when previous scans were performed. This task is
performed in the background mode and does not have any effect on the
performance of the mail server. If the user requests a message that has not been
scanned with the updated database, such message will be re-scanned prior to
the delivery to the user. Thus, the user will always receive e-mail messages that
have been analyzed using the latest version of the database, no matter when a
particular message arrived to the server.
The application processes each object applying actions specified by the
administrator to objects of a particular type. For instance, an infected object can
be disinfected, deleted or replaced with a notification. The administrator may
select a mode in which the application will deliver messages with infected objects
to the user, although it will change the object's name (by adding information
about the virus) and the object's extension.
Before processing an object, the application can save a copy of this object to a
special backup storage for the consequent restoring or sending to Kaspersky Lab
for analysis.