User Guide

Architecture of Kaspersky Anti-Spam and principles of spam filtering 17

• HTML (2.0, 3.0, 3.2, 4.0, XHTML 1.0)

• Microsoft Word (versions 6.0, 95/97/2000/XP)

• RTF.

The purpose of spam filtering is to decrease the volume of unwanted

messages in the mailboxes of your users. It is impossible to guarantee

detection of all spam messages because too strict criteria would

inevitably cause filtering of some normal messages as well.

The application uses three main methods to detect messages with suspicious

content:

• Text comparison with semantic samples of various categories (based

on the search for key terms (words and word combinations) in message

body and their subsequent probabilistic analysis). The method provides

for heuristic search for typical phrases and expressions in text.

• Fuzzy comparison of a message being examined with a collection of

sample messages based on comparison of their signatures. The method

helps detect modified spam messages.

• Analysis of attached images.

All the data employed by Kaspersky Anti-Spam for content filtering: classification

index (a hierarchical list of categories), typical terms, etc. are stored in its content

filtration databases.

The group of spam analysts at Kaspersky Lab works nonstop to

supplement and improve the content filtration databases. Therefore,

you are advised to update the databases regularly (see section 4.4 on

page 52).

You can also send to Kaspersky Lab samples of spam messages,

which Kaspersky Anti-Spam has failed to recognize as well as the

samples of messages erroneously classified as spam. The data will

help us improve the content filtration databases and react in a timely

manner to new types of spam. Please refer to Appendix B for details

on forwarding sample messages.

2.2.3. Checks using external services

In addition to the analysis of message text and headers, Kaspersky Anti-Spam

allows a number of the following checks involving external network services: