Concerning to:Kaspersky Security 5.5 for Microsoft Exchange Server 2003Kaspersky Anti-Spam 2.0Kaspersky Mail Gateway 5.5Kaspersky Anti-Spam 3.0
Sent messages are processed by spam-analytics in real-time mode. Of course, if it is not detected by the filter. Because the message detected as spam is not delivered and the spam-analytic does not see it.
The message can sometimes not be detected as spam. The delay depends on the update procedure, including the update schedule set by the user.
One of the main problems when analyzing the message is damaged headings of the sent messages. Entire message or part of the message is not added to the database. Headings of the messages are analyzed as well. When being sent via MS Outlook even as attachments the headings can be crashed or damaged. The same concerns the messages received via Exchange or Lotus. It is better to send your spam samples via MS Outlook Express or other mail clients.
Still it should not be considered the messages are of no use. The matter is a message is added to the database if several samples of the same message are received. When the necessary amount of the same messages is achieved, the spam-analytic will find among them the message with the not damaged heading and will add it to the database of the content filtering.
Another problem is polymorphic spam. This kind of messages changes once in several days. IP, URL and even the HTML structure of the message change too. While their external structure remains the same. Usually these are messages “about Viagra”, free software, etc. The sent sample is added to the databases, but each sent message differs from the previous one. That is why it can be not detected. Anyway each message should be dealt with individually.
Meanwhile the developers are working over the spam algorithm which will allow detect spam delivery. Helpful links
Kaspersky Anti-Spam 2.0 passes too much SPAM