CHAPTER 7. ANTI-SPAM
PROTECTION
One of the main tasks of Kaspersky Security 5.5 for Microsoft Exchange Server
2003 is protection of mailboxes and public folders of the Exchange server against
unsolicited e-mail messages (SPAM).
The anti-spam scan module filters the incoming e-mail messages while they are
being received via SMTP protocols that is, before the messages get into the
users' mailboxes.
The application scans for spam:
•
Internal and external traffic generated by SMTP clients using anonymous
authentication on the server.
•
Messages arriving at the server via anonymous external connections
(front-end server).
The application does not filter spam in:
•
Internal LAN traffic.
•
External traffic arriving at a server via authenticated sessions.
Each e-mail message will be scanned for the presence of spam attributes. In
order to do this, the applications checks,
first of all
, various message attributes:
the sender's and the recipient's addresses, message size, headers (including the
From
and the
To
headers).
Secondly
, anti-spam
content filtration
is used to analyze the content of the
message (including the
Subject
header) and the attached files
1
. The application
uses unique linguistic and heuristic algorithms based on the comparison of actual
messages with the sample messages and on the deeper analysis of the text,
formatting features and other attributes of the e-mail messages.
The content filtration database is continuously updated in the linguistic
laboratory based on the everyday monitoring of spam sources. There-
fore, in order to maintain the application in the up-to-date state, the da-
tabase shall be updated on an hourly basis (see Chapter 5, page 38).
Messages, in which no SPAM has been found by the anti-spam filtering, will be
delivered intact to the user's mailbox. Other messages that were related to
unsolicited correspondence are assigned one of the four categories of SPAM:
1
Attachments of the following formats are scanned: Plain text, HTML, Microsoft Word, RTF.