KASPERSKY ANTI-SPAM 3.0 - Administrator's Manual

Summary of ANTI-SPAM 3.0 -

  • Page 1

    Kaspersky Lab Kaspersky® Anti-Spam 3.0 Administrator's Guide.

  • Page 2

    Kaspersky® Anti-Spam 3.0 Administrator's Guide © Kaspersky Lab http://www.kaspersky.com Revision date: May 2007.

  • Page 3

    Contents: Chapter 1. Kaspersky Anti-Spam 3.0 (page 6); 1.1. What's new in version 3.0 (page 7); 1.2. Licensing policy ...

  • Page 4

    4.3. Filtration policy management (page 32); 4.3.1. General filtration policy (page 33); 4.3.1.1. The General section ...

  • Page 5

    Chapter 6. Frequently asked questions (page 78); Appendix A. Additional information on Kaspersky Anti-Spam (page 82); A.1. Location of product files in the file system (page 82); A.2. Client mod...

  • Page 6

    Chapter 1. Kaspersky Anti-Spam 3.0. Kaspersky® Anti-Spam 3.0 (hereinafter also referred to as Kaspersky Anti-Spam or the product) is a software suite filtering e-mail in order to protect mail system users from unsolicited mass mail (spam). Kaspersky Anti-Spam uses administrator-defined rules to pr...

  • Page 7

    Second, the application employs content filtration, i.e. it analyzes the actual message contents (including the subject header) and attached files. To that effect the product uses linguistic algorithms based on comparison with sample messages and search for typical terms...

  • Page 8

    • Enhanced subsystem analyzing graphic attachments (GSG). • Added support for the use of Sender Policy Framework (SPF) and Spam URL Realtime Blocklists (SURBL) services. • Included internal Urgent Detection System (UDS), which allows the user to receive information about ce...

  • Page 9

    Kaspersky anti-spam 3.0 9 1.2. Licensing policy the licensing policy for kaspersky anti-spam 3.0 implies a system of product use limitations based on the following criteria: • mail traffic volume. • the number of protected mail accounts. • the number of mail systems users. The said limitations will ...

  • Page 10

    • FreeBSD 6.2. • One of the following mail servers: • Sendmail 8.13.5 with Milter API support. • Postfix 2.2.2. • qmail 1.03. • Exim 4.50. • CommuniGate Pro 4.3.7. • Installed bzip2 and which utilities. • Perl interpreter. 1.4. Distribution kit. You can purchase Kaspersky A...

  • Page 11

    Kaspersky anti-spam 3.0 11 and the money you paid for the product will be refunded to you on the condition that the envelope with the installation cd (or set of floppy disks) is still sealed. By opening the sealed envelope with the installation cd (or set of floppy disks), you confirm that you agree...

  • Page 12

    Chapter 2. Architecture of kaspersky anti-spam and principles of spam filtering this section contains descriptions of the main product components and the principles of filtering as well as the control center, the main tool for kaspersky anti-spam administration and configuration. 2.1. Product struct...

  • Page 13

    Architecture of kaspersky anti-spam and principles of spam filtering 13 figure 1. The architecture of kaspersky anti-spam • control center – web-based interface that administrators can use to configure the product, analyze its status and functionality. • monitoring system – a system that tracks the ...

  • Page 14

    14 kaspersky anti-spam 3.0 the distribution package of kaspersky anti-spam includes client plug-ins for sendmail, postfix, exim, qmail and communigate pro. As a rule, a client plug-in must be installed as a filter providing for receipt of messages to be analyzed from the mail server and for the subs...

  • Page 15

    Architecture of kaspersky anti-spam and principles of spam filtering 15 • monitoring of requests from client modules for connection to the filtering process; • initiation of new filtering processes when there are no available processes left; • monitoring the status of running processes; • terminatio...

  • Page 16

    16 kaspersky anti-spam 3.0 kaspersky anti-spam 3.0 processes e-mail traffic using the following algorithm: 1. Client plug-in module integrates with an installed mail server. 2. Mail server transfers to the client module messages for analysis by the filtration server. 3. Filtration server checks mess...

  • Page 17

    Architecture of kaspersky anti-spam and principles of spam filtering 17 2.2.2. Content filtration message analysis employs the algorithms of content filtering: the application uses artificial intelligence technologies to analyze the actual message content (including the subject header), and its atta...

  • Page 18

    18 kaspersky anti-spam 3.0 2.2.3. Checks using external services in addition to the analysis of message text and headers, kaspersky anti-spam allows a number of the following checks involving external network services: • availability of a dns record for message sender's ip (reverse dns lookup); • th...

  • Page 19

    The UDS technology allows filtering of known spam before updates to the content filtration databases become available. A filtration server interacts with UDS servers of Kaspersky Lab via UDP using port 7060 for communication. In...

  • Page 20

    20 kaspersky anti-spam 3.0 after recognition, the application may perform one of the following actions over a message: • accept the message; • relay the message or a copy thereof to another address; • add a text mark in the message subject field; • append a special header to the message; • delete me...

  • Page 21

    Architecture of kaspersky anti-spam and principles of spam filtering 21 2.5. Filtration policies kaspersky anti-spam employs filtration policies to determine the methods applicable for spam recognition, the actions to be performed over messages and the black and white lists of senders. The product u...

  • Page 22

    22 kaspersky anti-spam 3.0 2.7. Monitoring kaspersky anti-spam includes a monitoring module for control of the filtration server status. System status information appears in the monitoring tab of the control center. Figure 2. The monitoring tab of the control center the section contains parameters t...

  • Page 23

    Chapter 3. Installing kaspersky anti-spam this section contains information about the procedure of program installation, integration of client plug-in modules with the host mail server and configuring access to the control center, the main product management tool. 3.1. Preparing for installation bef...

  • Page 24

    3.2. Installing Kaspersky Anti-Spam distribution package. Kaspersky Anti-Spam 3.0 is distributed in several installation packages: • .rpm package for most distributions of the Linux operating system (RedHat, SUSE, Mandrake, Fedora, etc.); • .deb package for Debian Linux dis...

  • Page 25

    3.3. Configuring access to the Control Center. Upon completion of product setup, the installer runs the kas-thttpd service, which provides local access to the Control Center. The following settings are used by default: • address: http://127.0.0.1:3080/ • user name: a...

  • Page 26

    The interface and port number to be used for connection to the Control Center are specified in the /usr/local/ap-mailfilter3/etc/kas-thttpd.conf file using the host and port parameters respectively. E.g., the following values: host=0.0.0.0 port=3080 mean that the Control C...

  • Page 27

    If a license key has not been installed or the installed key is invalid, Kaspersky Anti-Spam will not filter mail. Mail server performance will not be affected; its e-mail traffic will just be transferred without analysis. Please keep in mind that the product will ...

  • Page 28

    • To integrate Kaspersky Anti-Spam with Postfix, run the following command as root: # /usr/local/ap-mailfilter3/bin/config-postfix.pl where path stands for the path to the master.cf Postfix configuration file. • To integrate Kaspersky Anti-Spam with Exim, run the following...

  • Page 29

    3.6. Configuring updates of content filtration databases and UDS use. By default, after installation of Kaspersky Anti-Spam, updates to the content filtration databases and UDS are disabled. In order to allow updating of the databases and activate UDS, run the enable-u...

  • Page 30

    Chapter 4. Managing the spam filtration server you can use kaspersky anti-spam to protect e-mail traffic from unwanted spam mail. The system of protection is based on performance of tasks representing the main features of the application. The tasks performed by kaspersky anti-spam can be subdivided ...

  • Page 31

    • restart – restart the main components of the filtration server; the action is identical to running the stop and start actions one after another. The kas-thttpd service providing access to the Control Center of Kaspersky Anti-Spam is started by the kas3-contr...

  • Page 32

    32 kaspersky anti-spam 3.0 • statistics – the function containing statistical reports, which allow you to analyze the number of messages processed by the system. • policies – the section used for customization of spam filtering policy. • settings – the section containing the settings of the anti-spa...

  • Page 33

    Managing the spam filtration server 33 • groups – the settings of user groups, recognition policies applicable to individual groups and the sets of actions over messages: • group list – the section for managing user groups: creation, deletion of groups, and launching the editor of group properties. ...

  • Page 34

    34 kaspersky anti-spam 3.0 in addition to the section titles, the list contains the following information: • brief section description; • total number of rules in a section; • the number of modified rules compared with the original settings of the content filtration databases. To the right of the de...

  • Page 35

    Managing the spam filtration server 35 in the general section you can configure the following parameters: • detection defines whether the product checks messages for spam signs. If spam recognition is disabled, all messages will be assigned the trusted status (please refer to section 2.3 on page 19 ...

  • Page 36

    36 kaspersky anti-spam 3.0 dns and dns-based checks may result in considerably slower message processing. Disable the method if its use reduces filter performance noticeably. This parameter determines the use of dns services by the filtration server. Individual services can be enabled / disabled in ...

  • Page 37

    Managing the spam filtration server 37 • check spf records – sender's ip address check using spf. Figure 6. The dns & spf checks section 4.3.1.3. The headers checks section the headers checks section (see fig. 7) allows you to configure the parameters of rules used to analyze e-mail message headers....

  • Page 38

    38 kaspersky anti-spam 3.0 which, being applied, may filter out useful mail with certain known signs of spam. These signs include: • undisclosed list of recipients in to – the presence of an undisclosed list of recipients in the to header. • digits mixed with letters in to or from headers. Programs ...

  • Page 39

    Managing the spam filtration server 39 4.3.1.4. The eastern encodings section the eastern encodings section (see fig. 8) allows you to specify the languages and encodings of messages allowed for delivery to the recipients within your mail system without being considered spam. Figure 8. The eastern e...

  • Page 40

    40 kaspersky anti-spam 3.0 figure 9. The obscene content section of the default filtration policy rules 4.3.2. Managing the white and black lists the list of trusted senders (white list) is used to specify explicitly the addresses acting as a reliable source of messages, which do not need a spam che...

  • Page 42

    IP addresses are recorded in the CIDR notation, which allows the following variations: • aaa.bbb.ccc.ddd – a specific IP address, for example, 192.168.0.17; • aaa.bbb.ccc.ddd/mm – subnet address with a specified number and mask, for example, 192.168.0.0/16. Addresses in li...

  • Page 43

    Service rating means the service reliability from the viewpoint of the filtration server administrator. While checking a sender's IP address in DNSBL, Kaspersky Anti-Spam sends a request to all services included in the list. As soon as the results arrive, it sums ...

  • Page 44

    44 kaspersky anti-spam 3.0 4.3.4. Managing the list of protected domains the list of protected domains contains the names of domains receiving traffic, which will be filtered from spam that may appear in the stream of incoming messages. You can manage the list using the page at policies → common → p...

  • Page 45

    For domains added to the protected list the product will control compliance with the license limitations (e.g., control of mail traffic volume if the license uses a restriction of that parameter). You can also enter changes to the list of protected domains loca...

  • Page 46

    46 kaspersky anti-spam 3.0 let us examine closely each of these tasks: in order to open the group properties' editor, click the button to the right of the title indicating the group, which you wish to modify. Figure 13. The list of groups used by kaspersky anti-spam the group properties' editor allo...

  • Page 47

    Managing the spam filtration server 47 the group id field contains group identifier assigned to it at creation. That parameter cannot be changed. Text entered in the comments field will be displayed in the group list under the name of the created group. E-mail addresses are recorded in format identi...

  • Page 48

    48 kaspersky anti-spam 3.0 4.3.6. Managing the group filtration policy you can specify individual settings of spam recognition parameters and black and white lists of senders for each of the groups, including all. Thus, the administrator can define various recognition rules for different user groups...

  • Page 49

    Managing the spam filtration server 49 as you can see in the image, the group inherits all default policy settings (set to by default) except for the dns & spf checks parameter. The said method is disabled. You can create black and white lists of senders using the white list and black list links in ...

  • Page 50

    50 kaspersky anti-spam 3.0 • delete this message – mail server accepts a message and deletes it without redirection to the recipient. Message sender then will receive no notifications informing that the delivery was impossible. Figure 16. The actions page of a group filtration policy messages with t...

  • Page 51

    Managing the spam filtration server 51 although the product is being constantly developed in order to improve spam recognition and decrease the number of false alarms from the filter, it is not possible to eliminate altogether the probability of recognizing normal messages as spam. Therefore, you ar...

  • Page 52

    52 kaspersky anti-spam 3.0 figure 17. The settings of kaspersky anti-spam updater module the updater settings sections contains general updating parameters: • run updater automatically – the interval between downloads of updates to the content filtration databases from update servers. The interval c...

  • Page 53

    Managing the spam filtration server 53 • updater log level – parameter that defines the level of details logged to a report file during an update. The following levels of details are available: • fatal – the program logs messages about fatal errors only; • error – the program logs messages about all...

  • Page 54

    54 kaspersky anti-spam 3.0 • an ftp server. Record format: ftp://; • a local directory. Record format: //. The use of a local directory as a source of updates allows you to arrange updating of several servers in a large network from a single source. The proxy server section contains parameters neces...

  • Page 55

    you need to configure the task running the update script manually, perform the following steps: 1. Use the following command to edit the cron task file for the mailflt3 user: # crontab -u mailflt3 -e 2. Add to the task file, for example, the following line: */2...

  • Page 56

    4.5.1. Common filtration server parameters. Common parameters of the filtration server can be found in the Settings → Anti-Spam Engine → Common page (see fig. 18) that includes: • Syslog facility – system log facility that will be used to record the messages from the compo...

  • Page 57

    Managing the spam filtration server 57 freebsd for the mail facility decreases the level of details even if the verbose level parameter has been assigned the more debug value. The more debug level of details causes additional load on the server and may decrease its performance. Please use that level...

  • Page 58

    58 kaspersky anti-spam 3.0 figure 19. Parameters of the filtration master process 4.5.3. Parameters of the filtering processes the settings → anti-spam engine → filtration process page (see fig. 20) contains the parameters of the ap-mailfilter filtering processes: • max. Number of mail messages to b...

  • Page 59

    Managing the spam filtration server 59 • exit delay (in seconds) – maximum duration (seconds) of the delay before termination of a filtering process after it receives a command to stop. By default, the parameter is set to 0. It means that after arrival of a respective command all filtering processes...

  • Page 60

    60 kaspersky anti-spam 3.0 • overall timeout of all dns requests (in seconds) – time interval (seconds) during which the application will wait for a response from dns server while running its dns-based checks. Default value: 10. • check ms word and rtf files –parameter that enables / disables the an...

  • Page 61

    Managing the spam filtration server 61 4.5.5. Client module settings the settings → anti-spam engine → mta clients page (see fig. 22) contains the settings for the client plug-in modules responsible for interaction between the e-mail server and the anti-spam engine: • filtering size limit (kb) – max...

  • Page 62

    62 kaspersky anti-spam 3.0 figure 22. The settings of client modules 4.5.6. Notifications about rejected messages if the reject this message action has been specified as the action over messages with a specific status, filtration server will not route such messages to their original recipients. Inst...

  • Page 63

    Managing the spam filtration server 63 client : >>> client : >>> message text ... Client : >>> client : . Server : 550 the message is rejected by spam filtering engine. Client : quit server : 221 bye... Anti-spam engine will only use reject messages when message delivery to all of the specified reci...

  • Page 64

    64 kaspersky anti-spam 3.0 • specify the address where the monitoring system will send its messages and the messages about errors that have occurred during execution of scripts by the cron service (the send alerts to parameter). • enable / disable monitoring of the kas-thttpd http server activity (t...

  • Page 65

    Managing the spam filtration server 65 • updates to kaspersky anti-spam databases. After the license expires, the functionality of the application will still be preserved except for the possibility to update content filtration databases. You will still be able to filter spam, but you will be unable ...

  • Page 66

    66 kaspersky anti-spam 3.0 information in the last two lines allows system administrators to control the compliance with the terms of the purchased license (validity period, specified restrictions). Depending upon the current status, the icon in the left part of the line may look as follows: – licen...

  • Page 67

    Managing the spam filtration server 67 4.7.3. License key removal in order to remove the current and reserve license keys, enter the following in the command line: # /usr/local/ap-mailfilter3/bin/remove-key -a to remove your reserve license key, enter the following in the command line: # /usr/local/...

  • Page 68

    68 kaspersky anti-spam 3.0 figure 26. General information about the status of kaspersky anti-spam components the system information section contains the following information about the server where kaspersky anti-spam is installed: • host name – server's name. • system – name, version and architectu...

  • Page 69

    Managing the spam filtration server 69 4.8.1.1. Detailed information about the anti- spam engine clicking the anti-spam engine link in the monitoring menu opens a corresponding page containing detailed information about the status of the filtration server's components (see fig. 27). Figure 27. The p...

  • Page 70

    70 kaspersky anti-spam 3.0 controls the cron tasks running these scripts for mailflt3 user. Please refer to appendix a.6 on page 115 for details. The last anti-spam engine events section contains a log of messages from the filtration server components appended to the system log (syslog). The message...

  • Page 71

    Managing the spam filtration server 71 the anti-spam updates section in the upper part of the page consists of the following fields: • automatic updates – field indicating whether automatic updating of the content filtration databases is enabled. Please see section 4.4.1 on page 51 and appendix a.6 ...

  • Page 72

    72 kaspersky anti-spam 3.0 figure 29. The page for monitoring of the licensing module the last license daemon events section contains a log of messages returned by the product licensing module and appended to the system log (syslog). The messages are arranged in the descending order according to the...

  • Page 73

    Managing the spam filtration server 73 the problem is not resolved, it will also be included into the report on known issues sent once a day. • daily reports of known problems – a list of all errors and warnings known at the moment when the report was sent. The product includes into the report both ...

  • Page 74

    74 kaspersky anti-spam 3.0 figure 30. The statistics page each of the pages in the statistics section contains statistical information for a specific period of time. Links to available pages are located in the period menu in the right part of the statistics window: • last day– statistics of processe...

  • Page 75

    Managing the spam filtration server 75 on the circular graph the volume of email messages, that have received a similar status as a result of spam recognition, is represented by a segment of a certain color. For the purpose of visualization the segments, which size is insignificant comparing to anot...

  • Page 76

    Chapter 5. Uninstalling Kaspersky Anti-Spam. To uninstall Kaspersky Anti-Spam, you must be a privileged (root) user. If you are currently logged in under a user account with lesser privileges, log on as root. The uninstallation process will automatically stop all the services of Kaspersky Anti-Spam! When...

  • Page 77

    Since product integration with the CommuniGate Pro mail server is performed manually, delete from the CommuniGate Pro configuration the settings pertaining to Kaspersky Anti-Spam before you uninstall the product (see section A.2.7 on page 97). If you wish to return the ori...

  • Page 78

    Chapter 6. Frequently asked questions this chapter is devoted to questions most frequently asked by users regarding the installation, setup, and operation of the application. A regularly updated knowledge database containing answers to most frequent questions is available at the web site of kaspersk...

  • Page 79

    Question: The application does not work. What should I do? If you have encountered a problem while using the application, first of all, please make sure that the solution to this problem is not described in this document (in particular, in this section) or at the servic...

  • Page 80

    80 kaspersky anti-spam 3.0 in the next window of the web form enter your contact information, type the code of protection against automatic registration and click the submit button. Experts at the technical support service will carefully examine your problem and help you as soon as possible. Questio...

  • Page 81

    Frequently asked questions 81 question: kaspersky anti-spam does not filter spam. Processed messages contain the following header: x-spamtest-info: no license this problem is caused by expired license or absence of an installed license key. Make sure that the license key is installed and it has not ...

  • Page 82

    Appendix a. Additional information on kaspersky anti-spam a.1. Location of product files in the file system after the installation of kaspersky anti-spam, the distribution files will be saved to the following locations: /usr/local/ap-mailfilter3/ – the main directory where the product is installed. ...

  • Page 83

    Appendix a 83 • stat/ – the directory containing data files of log processing and statistics gathering system; • tmp/ – the directory that stores temporary files of the control center; • www/ – cgi-scripts and graphic files used by the control center’s web interface. • etc/ – the directory containin...

  • Page 84

    84 kaspersky anti-spam 3.0 1. The client module receives a mail message from the mail server and sends a request for connection to the filtering server. 2. The master process selects an already running filtering process or creates a new one, and establishes a connection between the client module and...

  • Page 85

    Appendix a 85 • tempfail – temporarily reject a message and return the error code 4xx during smtp session (used by default); • accept – accept the message. When using sendmail mail server, accept denotes that a message should be accepted without further processing by other milter-filters employed by...

  • Page 86

    Manual configuration of the client module is done by editing the filter.conf configuration file located in the /usr/local/ap-mailfilter3/etc/ directory. The following is a fragment of this file containing the client module settings: clientconnectto tcp:127.0.0.1:2277 clien...

  • Page 87

    Appendix a 87 and the rules defined for the managers group state that all messages with not detected status should be accepted. As a result, the mail message with [!! Spam] tag in the subject line is delivered to the both recipients. The message contains the following headers: x-spamtest-status-exte...

  • Page 88

    88 kaspersky anti-spam 3.0 figure 32. The kas-pipe module usage scheme this scheme can be implemented with any mail server that either supports running a second instance with different settings, or delivers via lmtp protocol, or delivers all mail to the specified mail server through smtp. Configurat...

  • Page 89

    • pipeoutgoingaddr – socket address used for transfer of processed messages. An entry in the format tcp::, where – filtering server’s IP address, – connection port, points to a network socket. An entry in format unix:, where – the path to socket file, points to a local socket. An entr...

  • Page 90

    90 kaspersky anti-spam 3.0 a.2.4.1. Configuring postfix to work with kas- pipe this section provides an example of the kas-pipe configuration for the postfix mail server that implements the following operational scheme: • kas-pipe acts as a content filter (content_filter); • kas-pipe receives mail t...

  • Page 91

      user=mailflt3 argv=/usr/local/ap-mailfilter3/bin/kas-pipe
    127.0.0.1:9025 inet n - n - 25 smtpd
      -o smtpd_authorized_xforward_hosts=127.0.0.0/8
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o sm...

  • Page 92

    92 kaspersky anti-spam 3.0 the kas-pipe client module integrated into exim processes mail messages according to the following scheme: 1. Exim receives incoming messages at port 25 and places them to a queue. 2. Exim selects a message from the queue and tries each router in the list to determine the ...

  • Page 93

    For the Debian distribution package, the integration with Exim has a number of specific features because the configuration of the mail server is generated by a special script update-exim4.conf from the template /etc/exim4/exim4.conf.template or from several templates located in the /et...

  • Page 94

    A.2.5. kas-exim – a client module for the Exim mail server. The kas-exim module provides integration of Kaspersky Anti-Spam with the Exim mail server version 4.xx using localscan API. The kas-exim module is used as an alternative solution. For a standard installation, integ...

  • Page 95

    Appendix a 95 this fragment contains the following options: • kas_connect_to – address of the socket for interacting with the filtering server. The address format is tcp::, where is the ip-address of the filtering server, is a port specifying the network socket; the record in the format unix:, where...

  • Page 96

    96 kaspersky anti-spam 3.0 a.2.6. Kas-qmail – client module for the qmail mail server the kas-qmail module provides integration of kaspersky anti-spam with the qmail mail server. When this module is used, the mail traffic is processed using the following algorithm: 1. The qmail-queue module of qmail...

  • Page 97

    In addition to the options provided in appendix A.2.2, this file contains the qmailoriginalqueue option that specifies the full path to the original qmail-queue module. To configure qmail to work with the kas-qmail client module, do the following: 1. Rename the original file of the qm...

  • Page 98

    Below is a fragment of the filter.conf file that contains settings of the client module: clientconnectto tcp:127.0.0.1:2277 clientconnecttimeout 10 clientdatatimeout 30 cgprosubmittedfolder submitted cgpromaxthreadcount 50 cgproloopheader x-proceed_240578_by_spamtest cgpro...

  • Page 99

    Appendix a 99 data: message size operation: less than parameter: 512000 action: external filter parameters: kas-cgpro specific features of using kas-cgpro with communigate pro: • during an smtp session, the kas-cgpro client module cannot reject an incoming message for which the reject this message a...

  • Page 100

    A.3.1. Main configuration file filter.conf. The configuration file /usr/local/ap-mailfilter3/etc/filter.conf contains that regulate operation of all Kaspersky Anti-Spam components (excluding the updating module). General settings: • rootpath – path to the Kaspersky Anti-Sp...

  • Page 101

    Appendix a 101 • serversparefilters – minimum number of idle filtering processes (not processing messages). If the number of processes exceeds the specified limit, the idle processes are forcedly ended. The default value is 0. The serversparefilters value must not exceed the servermaxfilters paramet...

  • Page 102

    102 kaspersky anti-spam 3.0 • filterspfdatatimeout=1..10 – timeout (in seconds) for read / write operations for the interaction socket used by the filtering process with the spf daemon. The default value is 1. • filterdnstimeout=1...60 – timeout (in seconds) for performing all possible checks using ...

  • Page 103

    • licenseidletimeout=1...100 – maximum time (in seconds) during which the licensing module can maintain a connection with an idle filtering process that sends no data. If no requests are received from the filtering process before this timeout expires, the connection is terminated. T...

  • Page 104

    • reject – reject the message and return the 5xx code during an SMTP session; • tempfail – temporarily reject the message and return the 4xx code during an SMTP session (used by default); • accept – accept the message. • clientdefaultdomain – name of the mail domain subst...

  • Page 105

    This file has the following options: • user – the rights of this user are used to run management center scripts. It is better not to change the default value of mailflt3, because this might result in incorrect system behavior. • host – IP address of the interface on which the web serv...

  • Page 106

    • –c – option that specifies that a new file with passwords must be created. If the value for this option is not set, the password_file option should be set to an existing file. • –h – outputs information about the utility to the console. A.4.2. kas-show-license...

  • Page 107

    • –v – instruction to provide more verbose information in the messages output to the console in comparison with the default level. • –v – instruction to use the specified level of detail for the messages output to the console. Possible values: 1...10. • –l – instruction to use higher...

  • Page 108

    • –l – instruction to use a higher level of detail for messages added to the system log in comparison with the default level; • –l – – instruction to use the specified level of detail for the messages added to the system log. Possible values: 1...10; • –c redefines the path to th...

  • Page 109

    • –q – enables “silent” mode, when only error messages and warnings are output to the screen; • –d – displays a detailed report about the operations performed by the utility; • –v – instruction to provide more verbose information in the messages output to the console in comparison with...

  • Page 110

    • –l – saves the report about actions performed by the utility to the file defined by the log_file parameter. • –q – enables “silent” mode, when only error messages and warnings are output to the screen. • –v – outputs to the console all messages related to compilation. • ...

  • Page 111

    # /usr/local/ap-mailfilter3/bin/sfupdates \ [-c ] [-f] [-k ] [-s]\ [-q] [-v] [-d] [-v ] [-l]\ [-l ] [-h] Command line options: • –c – redefines the path to the filter.conf configuration file. If filter.conf is located in a directory other than the default, specify a complete path to t...

  • Page 112

    A.5. Special headers of the filtering module. While processing e-mail messages, Kaspersky Anti-Spam adds the following headers to processed messages: • x-spamtest-version – header that contains information about the version of the Kaspersky Anti-Spam distribution package. ...

  • Page 113

    Header meaning / description: • blacklisted – the sender of this message is in the black list of senders. • spam – message is classified as spam. • probable_spam – message is classified as probably spam. • formal – message is classified as a formal response of the mail server. • not_detected – message is no...

  • Page 114

    • x-spamtest-method – header that contains the names of methods whose results were used to assign the status to a message. Possible meanings of this header are listed in the table below. Meaning / method: • white ip list – filtering by the white list of IP addresses. • white email...

  • Page 115

    Meaning / method: the status. • none – none of these methods allows the message to be classified. Such messages receive the not detected status. A.6. Configuration using the cron service. Successful operation of Kaspersky Anti-Spam requires that you run a set of scripts using the cron service for th...

  • Page 116

    Startup command: /usr/local/ap-mailfilter3/control/bin/dologs.sh -q Recommended startup frequency: once a minute. • Script for updating statistic diagrams. This script creates diagrams for the statistics of processed messages. The diagrams are displayed in the statistics ...

  • Page 117

    • Add a list of paths to the main system utilities, including the sendmail utility, as the value of the PATH variable. The default value is /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin. • Specify the address to which messages about script execution will be sent. The ...

  • Page 118

    Appendix B. How to send spam messages to spam analysts. Kaspersky Lab thanks all users who send new examples of spam messages to our group of spam analysts. These spam messages help us respond faster to new methods of spam distribution and block them as soon as they appear. You can also send us ...

  • Page 119

    the selected messages as the attachments to the new message. 2. To forward spam using The Bat! mail client, do the following: • If you want to manually forward a message, select one or several spam messages and click alternative forward. This command is located in the specials menu on...

  • Page 120

    Appendix C. Kaspersky Lab. Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious pro...

  • Page 121

    C.1. Other Kaspersky Lab products. Kaspersky Lab News Agent: the News Agent is intended for timely delivery of news published by Kaspersky Lab, notifications about the current status of virus activity, and fresh news. The program reads the list of available news feeds and their content ...

  • Page 122

    • select standard/extended databases for scanning • save a report on the scanning results in .txt or .html formats. Kaspersky Anti-Virus® 6.0: Kaspersky Anti-Virus 6.0 is designed to safeguard personal computers against malicious software as an optimal combination of conve...

  • Page 123

    The anti-virus protection features include: • anti-virus scanning of e-mail traffic on the level of data transmission protocol (POP3, IMAP and NNTP for incoming mail and SMTP for outgoing messages), regardless of the mail client being used. The program includes plug-ins for popular e-...

  • Page 124

    Kaspersky Anti-Virus Mobile: Kaspersky® Anti-Virus Mobile provides antivirus protection for mobile devices running Symbian OS and Microsoft Windows Mobile. The program provides comprehensive virus scanning, including: • on-demand scans of the mobile device's onboard memor...

  • Page 125

    • remote administration of the software package, including centralized installation, configuration, and administration; • saving backup copies of infected and deleted objects in case you need to restore them; • quarantining suspicious objects; • send notifications on events in program...

  • Page 126

    • remote administration of the software package, including centralized installation, configuration, and administration; • support for Cisco® NAC (Network Admission Control); • scanning of e-mail and internet traffic in real time; • blocking of popup windows and banner ad...

  • Page 127

    • proactive defense for workstations from new malicious programs whose signatures are not yet added to the database; • scanning of e-mail and internet traffic in real time; • personal firewall with intrusion detection system and network attack warnings; • protection while using Wi-Fi ...

  • Page 128

    • secure operation while using Wi-Fi networks; • scans internet traffic in real time; • rollback for malicious system modifications; • dynamic resource redistribution during complete system scans; • quarantining suspicious objects; • an extensive reporting system on prote...

  • Page 129

    • filters internet traffic using a trusted server list, object types, and user groups; • iSwift technology to avoid rescanning files within the network; • dynamic resource redistribution during complete system scans; • personal firewall with intrusion detection system and network atta...

  • Page 130

    • processes e-mails, databases, and other objects for Lotus Notes/Domino servers; • filters e-mails by attachment type; • quarantines suspicious objects; • easy-to-use administration system for the program; • prevents virus outbreaks; • monitors protection system status u...

  • Page 131

    Kaspersky® Anti-Spam: Kaspersky® Anti-Spam is a cutting-edge software suite designed to help organizations with small- and medium-sized networks wage war against the onslaught of unsolicited e-mail messages (spam). The product combines the revolutionary technology of linguistic analy...

  • Page 132

    Appendix D. Third party software. In the process of development of Kaspersky Anti-Spam 3.0, the following third party software was used: Berkeley DB 1.85 library can be used on the following terms and conditions: Copyright (c) 1990, 1993, 1994 The Regents of the University of California. All rights r...

  • Page 133

    libjpeg 6b library can be used on the following terms and conditions: Legal issues ============ In plain English: 1. We don't promise that this software works. (But if you find any bugs, please let us know!) 2. You can use this software for whatever you want. You don't have to pay us....

  • Page 134

    We specifically permit and encourage the use of this software as the basis of commercial products, provided that all warranty or liability claims are assumed by the product vendor. ansi2knr.c is included in this distribution by permission of L. Peter Deutsch, sole proprie...

  • Page 135

    modify, merge, publish, distribute, sublicense, and/or sell copies of the software, and to permit persons to whom the software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substanti...

  • Page 136

    thttpd web-server can be used on the following terms and conditions: Copyright 1995,1998,1999,2000,2001 by Jef Poskanzer. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following condi...

  • Page 137

    licenses and copyright statements in these functions if you are using an OS that needs these functions. The two-clause BSD license: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistri...

  • Page 138

    4. Neither the name of the University, Merit Network, nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. This software is provided by the Regents and contributors "as is" and...

  • Page 139

    This software is provided by the copyright holders and contributors "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the copyright owner or con...

  • Page 140

    zlib library can be used on the following terms and conditions: zlib.h -- interface of the 'zlib' general purpose compression library version 1.1.3, July 9th, 1998 Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler. This software is provided 'as-is', without any expre...

  • Page 141

    purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the softwar...

  • Page 142

    b) Redistributions are accompanied by a copy of the source code or by an irrevocable offer to provide a copy of the source code for up to three years at the cost of materials and delivery. Such redistributions must allow further use, modification, and redistribution of th...

  • Page 143

    6. Disclaimer/Limitation of Liability: This software is provided by Sendmail, Inc. and contributors "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event ...

  • Page 144

    4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org. 5. Products derived from this software may n...

  • Page 145

    Copyright remains Eric Young's, and as such any copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program sta...

  • Page 146

    FreeBSD libc library can be used on the following terms and conditions: Copyright (c) 1992-2005 The FreeBSD Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions ...

  • Page 147

    the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the author be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or s...

  • Page 148

    Appendix E. License agreement. End User License Agreement. Notice to all users: carefully read the following legal agreement ("Agreement") for the license of specified software ("Software") produced by Kaspersky Lab ("Kaspersky Lab"). If you have purchased this software via the internet by clicking th...

  • Page 149

    The right to return and refund extends only to the original purchaser. All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the software. 1. License grant. Sub...

  • Page 150

    1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or translate the software, nor create derivative works of the software, nor permit any third party to copy the software (other than as expressly permitted herein). 1.1.5 You shall not rent, lease o...

  • Page 151

    may terminate this agreement at any point by destroying all copies of the software and the documentation. 3. Support. (i) Kaspersky Lab will provide you with the support services ("Support Services") as defined below for a period of one year following: (a) payment of its then current ...

  • Page 152

    information, but without limitation to the foregoing shall use best endeavours to maintain the security of the key identification file. 6. Limited warranty. (i) Kaspersky Lab warrants that for six (6) months from first download or installation the software purchased on a ...

  • Page 153

    (a) loss of revenue; (b) loss of actual or anticipated profits (including for loss of profits on contracts); (c) loss of the use of money; (d) loss of anticipated savings; (e) loss of business; (f) loss of opportunity; (g) loss of goodwill; (h) loss of reputation; (i) loss of, damage ...