User Guide

Kaspersky Anti-Spam 2.0 Enterprise Edition / ISP Edition
4.4.1.1. Detection of spam attributes: analysis of message headers
Formal spam attributes ("suspicious" headers and their combinations) are
detected at the first stage of message processing. A "hidden" common profile,
Analyze Message Headers, stored in the hidden/formal.xml file, is used for this
purpose.
For example, if there is a significant number of spaces at the end of the Subject
header followed by a meaningless letter sequence such as 'TVIWEGEQO', this
message is probably spam.
The Bat! mail program does not provide the X-MSMail-Priority header; therefore,
the presence of such a header along with X-Mailer: The Bat!... in a message is
an attribute of spam.
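The two header checks described above, as an added Python example (not Kaspersky's rule set and not the contents of hidden/formal.xml). The space and letter-count thresholds, the attribute names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Subject ending in a long run of spaces followed by an all-caps letter token.
# Thresholds (5+ spaces, 6+ letters) are assumptions, not product values.
TRAILING_JUNK = re.compile(r"\s{5,}[A-Z]{6,}\s*$")

def formal_attributes(raw_message):
    """Return the names (hypothetical) of formal spam attributes in the headers."""
    msg = message_from_string(raw_message)
    found = []
    if TRAILING_JUNK.search(msg.get("Subject", "")):
        found.append("subject-trailing-junk")
    # X-MSMail-Priority alone is not suspicious; the combination with a
    # mailer that never emits it (The Bat!) is the attribute.
    claims_bat = msg.get("X-Mailer", "").startswith("The Bat!")
    if claims_bat and msg.get("X-MSMail-Priority") is not None:
        found.append("bat-with-msmail-priority")
    return found

# Constructed sample messages (addresses and version strings are made up).
SAMPLES = {
    "junk_subject": "From: a@example.com\n"
                    "Subject: Low rates" + " " * 30 + "TVIWEGEQO\n\nbody\n",
    "forged_bat": "From: b@example.com\n"
                  "X-Mailer: The Bat! (v2.00)\n"
                  "X-MSMail-Priority: Normal\n"
                  "Subject: Hello\n\nbody\n",
    "real_bat": "From: c@example.com\n"
                "X-Mailer: The Bat! (v2.00)\n"
                "Subject: Meeting notes\n\nbody\n",
    "outlook": "From: d@example.com\n"
               "X-Mailer: Microsoft Outlook Express\n"
               "X-MSMail-Priority: Normal\n"
               "Subject: Meeting notes\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, formal_attributes(raw))
```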
Rules that detect spam messages by analyzing their headers are complicated,
and making even small changes to them may result in a great number of false
alarms. Therefore, we have not provided the possibility of editing the
Analyze Message Headers profile via WebConfigurator.
We do not recommend editing this profile manually. If you decide to do
so, please exercise EXTREME care!
In addition, this profile can be automatically updated through the Internet.
If you decide to maintain this profile independently and do not need
automatic profile update downloads, delete the ALLOW_UPDATES=yes string
at the beginning of the hidden/formal.xml file.
The following specific headers are added to the message at the end of this
stage:
X-SpamTest-Method – The header containing information about the
headers identified as "suspicious";
X-SpamTest-Info – The header containing information about particular
problems detected.
4.4.1.2. Message evaluation
Execution of this stage is determined by the following common profiles:
Spam Detection Standard (the detect-standard.xml file). This profile is
activated by default after installation of the filter;