If this check box is selected, Anti-Virus protection of a Microsoft Exchange server deployed in the Hub Transport role is enabled.

If this check box is cleared, Anti-Virus protection of a Microsoft Exchange server deployed in the Hub Transport role is enabled.

The check box is selected by default.

The drop-down list Infected object lets you select the action to be taken by the application upon detecting an infected object.

The following options are available:

• Allow. The application delivers the message with the infected object to the recipient unchanged.

  If the Add label to message header and Tag for external recipients check boxes are selected, the application adds an extra text (tag) to the message subject. The Add label to message header check box adds a tag to messages for internal recipients, while the Tag for external recipients check box adds a tag for external recipients. The tag text can be edited. Default tag value: [Infected object detected].

• Delete object. The application attempts to disinfect the infected object. If disinfection has failed, the application deletes the infected object and delivers the message to the recipient.

  If the Add label to message header and Tag for external recipients check boxes are selected, the application adds an extra text (tag) to the message subject. The Add label to message header check box adds a tag to messages for internal recipients, while the Tag for external recipients check box adds a tag for external recipients. The tag text can be edited. Default tag value: [Infected object deleted].

• Delete message. The application completely deletes the message containing the infected object.

Saves a copy of the original message in Backup.

If this check box is selected, the application saves a copy of the message in Backup in the following cases:

• Before deleting the message
• Before deleting the attachment

If this check box is cleared, the application saves no copy of the object in Backup.

The check box is selected by default.

Enables filtering of attached files in email messages.

If the check box is selected, the Add rule button becomes available. By clicking this button, you can configure rules by which the application will filter attachments in email messages.

The application applies the action configured in the filtering settings to the objects it detects (skips the message, deletes the attachments, deletes objects from the attachments, or deletes the message).

If an attached file of a message match the parameters of multiple rules, the application will apply the rule with the most strict parameters: delete the message, delete the attached object, or delete the entire attachment.

If the check box is cleared, attachment filtering is disabled.

The check box is cleared by default.

If the check box is selected, same-type message filtering is enabled.

If the check box is cleared, same-type message filtering is disabled.

The check box is cleared by default.

The maximum number of same-type messages that can be sent by an internal user during a specific period of time. If the number of messages exceeds the value specified in the entry field, the application performs the action defined in the settings: deletes excess messages or delivers them to the recipient while adding the corresponding X header.

The application keeps a separate tally of the number of messages for each Security Server.

The default value is – 100.

The time period (in minutes) corresponding to the limit on the number of same-type messages sent by an internal user.

The default value is – 30.

The Apply the limit to the following types of messages section lets you specify the attribute by which the application identifies messages as the same type and applies the set limit. You can select one of the following options:

• All messages;
• Messages with the same subject;
• Messages with the same attachment;
• Messages with the same subject or attachment.

Having the same subject refers to an exact match of the subject of messages (with matching cases).

Having the same attachment refers to an exact match of the extension and name of file attachments (with matching cases).

The default value is All messages.

In this drop-down list, you can select the action taken by the application on same-type messages of a quantity that exceeds the set limit:

• Allow. The application allows forwarding of messages to recipients.
• Delete message. The application deletes excess same-type messages. This is the default option.

  Deleted messages cannot be recovered.

To receive information about same-type messages sent by an internal user that exceed the set limit, you can configure notifications or logging of events to the Windows Event log.

If this check box is selected, you can specify internal senders that will be added to the list of exclusions from same-type message filtering. The application does not apply set limits to messages that are sent from the email addresses specified in the list of exclusions. You can create a list of email addresses of senders, using the entry field and the buttons listed below.

You can add both individual email addresses (for example, user@mail.com) and email address masks (for example, *@domain.net) to the list.

The following buttons are designed for creating a list:

•  - add the record from the entry field to the list.
•  – remove the selected record from the list.
•  – export the list to a file.
•  – import the list from a file.

If the check box is cleared, the entry field, buttons, and the list are unavailable.

The check box is cleared by default.

Enables / disables scanning of incoming messages for spam using the Anti-Spam module.

If the check box is selected, the application scans incoming messages for spam.

If this check box is cleared, incoming messages are not scanned for spam.

The check box is selected by default.

The slider sets the sensitivity level of the anti-spam scanning. Anti-Spam takes the value of this setting into account when categorizing a message as spam or probable spam.

The following sensitivity levels of message analysis for spam are available:

• maximum. This sensitivity level should be used if you receive spam very often. When you select this sensitivity level, the frequency of false positives rises: i.e., useful mail is more often recognized as spam.
• high. This level should be used if you rarely receive spam. When you select this level, the frequency of useful email recognized as spam reduces (as compared against the maximum level). The scan speed increases.
• low. This sensitivity level provides an optimal combination of scanning speed and quality. When you select this level, the frequency of useful email recognized as spam reduces (as compared against the high level). The scan speed increases.

  This sensitivity level is set by default.

• minimum. This sensitivity level should be used if you receive spam rarely.

This slider is available if the Enable anti-spam scanning of messages check box is selected.

The table consists of rows containing status tags that can be assigned to a message by Anti-Spam and columns containing the actions taken by the application on messages with the corresponding status tags. This table is available if the Enable anti-spam scanning of messages check box is selected.

The table contains the following message status tags:

• Spam. The application has considered the message to be spam.

  Unsolicited mass e-mail, most often containing advertising messages.

• Probable spam. The application has considered the message to be possible spam.

  A message that cannot be unambiguously considered spam, but has several spam attributes (e.g., certain types of mailings and advertising messages).

• Formal notification. The application has considered the message to be a formal notification.

  Message that is automatically generated and sent by mail clients or robots (for example, informing about the impossibility to deliver a message, or confirming user registration on a web resource).

• Address blacklisted. The message sender is included in the black list of senders.
• Mass mail. The application has considered the message to be bulk email delivery.

The following settings can be configured for each status tag in the corresponding table columns:

• The Action drop-down list lets you select the action to be taken by the application on messages with a status tag assigned by Anti-Spam. The following operations are available for selection:
  • Allow. The application delivers the message to the recipient. This action is selected by default for all status tags.
  • Reject. The application does not deliver the message to the recipient. An error message is returned to the sending server (error code 500).
  • Delete. The application does not deliver the message to the recipient. The sending server receives a notification that the message has been sent (error code 250).
• Add SCL value check box.

  If the check box is selected, the application supplements the message with the spam confidence level (SCL). The SCL rating can be a number ranging from 0 to 9. A higher SCL rating means a higher probability of spam content in a message. By default, the check box is selected for the Spam, Probable spam, Address blacklisted, and Mass mail statuses.

  Spam Confidence Level is a special tag used by Microsoft Exchange mail servers to measure the spam probability of a message. The SCL rating can range from 0 (minim probability of spam) to 9 (the message is most probably spam). Kaspersky Security can change the SCL rating of a message depending on the message scan results.

• Save copy check box.

  If the check box is selected, the application saves a copy of the message in Backup. The check box is cleared for all status tags by default.

• Add label to message header check box.

  If this check box is selected, the application adds the text (tag) appearing in the entry field next to the check box, to the message subject. The tag text can be edited. By default, the check box is selected for the Spam, Probable spam, Address blacklisted, and Mass mail statuses.

If the check box is selected, the application scans incoming messages for phishing links.

If this check box is cleared, incoming messages are not scanned for phishing links.

This check box is available if the Enable anti-spam scanning of messages check box is selected.

The check box is selected by default.

This table contains a string with settings, which define actions that the application takes on messages with the Phishing status. This table is available if the Enable anti-spam scanning of messages check box is selected.

The string contains the following settings:

• The Action dropdown list allows you to select an action to be taken by the application on messages with the Phishing status.
  • Allow. The application delivers the message to the recipient. This action is selected by default.
  • Reject. The application does not deliver the message to the recipient. An error message is returned to the sending server (error code 500).
  • Delete. The application does not deliver the message to the recipient. The sending server receives a notification that the message has been sent (error code 250).
• Add SCL and PCL rating check box.

  If this check box is selected, the application adds a spam confidence level (SCL) rating of 9 and a phishing confidence level (PCL) rating of 8 to the message. The check box is selected by default.

• Save copy check box.

  If the check box is selected, the application saves a copy of the message in Backup. The check box is cleared by default.

• Add label to message header check box.

  If this check box is selected, the application adds the text (tag) appearing in the entry field next to the check box, to the message header. The tag text can be edited. The check box is selected by default.

Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to the Kaspersky online knowledge base that contains information about the reputation of files, web resources, and software. Kaspersky Security Network is intended for improving detection of viruses and other threats, spam and phishing links, as well as for receiving statistics used to detect threats.

If you do not want to transmit data of your organization over the Internet, you can use the Kaspersky Private Security Network service.

Kaspersky Private Security Network (KPSN) is a solution that lets you receive access to Kaspersky Security Network data via a server located within your organization's network. KPSN enables Kaspersky applications to receive access to the online Kaspersky Knowledge Base for information about the reputation of files, web resources, and software. KPSN does not transmit statistics and files to Kaspersky. For more detailed information, please refer to the Kaspersky Private Security Network Administrator's Guide.

The Kaspersky Private Security Network service was designed for corporate customers who are unable to participate in Kaspersky Security Network for any of the following reasons:

• Servers have no Internet connection
• Legislative ban on transmitting any data outside of the country
• Corporate security requirements imposed on the transmission of any data outside of the corporate LAN

If this check box is selected, the application uses data from Kaspersky Security Network during a scan.

If this check box is cleared, Kaspersky Security Network is not used.

The check box is cleared by default.

The Use Kaspersky Security Network check box is available if the I accept the KSN Statement option is selected in the KSN Settings section in the Settings node. Use Kaspersky Security Network or the Use Kaspersky Private Security Network (KPSN) option. All settings of the Kaspersky Security Network service are applied to the Kaspersky Private Security Network service.

The maximum time of waiting for a response to a request of Kaspersky Security Network server (in seconds).

The default value is 5 sec.

This setting is available if the Use Kaspersky Security Network check box is selected.

Use of the Reputation Filtering service in Anti-Spam scans.

If this check box is selected, the application uses the Reputation Filtering service during Anti-Spam scanning.

If this check box is cleared, Reputation Filtering service is not used.

The check box is cleared by default.

This setting is available if the Use Kaspersky Security Network check box is selected.

Use of Enforced Anti-Spam Updates Service.

If the check box is selected, the application uses the Enforced Anti-Spam Updates Service during Anti-Spam scanning.

If the check box is cleared, the Enforced Anti-Spam Updates Service is not used.

The check box is selected by default.

Enables / disables scanning of outgoing messages for spam and phishing content using the Anti-Spam module. If messages containing spam are being sent from a specific address in your organization, this could mean that a specific computer in your organization is infected with a virus.

If the Anti-Spam module detects a message that contains spam or phishing content, the message status takes the value Spam or Phishing. The application deletes the outgoing message containing the detected spam or phishing content while saving a copy of the outgoing message in Backup.

The Sender type field for outgoing messages in Backup has the value Internal. To determine whether or not a specific computer distributing spam or phishing content in your organization is infected, you can view the list of copies of outgoing messages in Backup, the list of events in the Windows Event Log, or the list of events in the Kaspersky Security Center Event Log.

The Anti-Spam Module scans outgoing mail messages addressed to external email addresses. The module does not scan messages related to the following categories:

• Messages addressed to internal email addresses.
• Messages for which the addresses of message recipients are in the white list.

The Anti-Spam Module determines the message status based on the text content and the message header. In the scan results, the application accounts for only the presence of spam or phishing content in messages to which the Anti-Spam Module assigned the status of Spam or Phishing. In the scan results, the application does not take into account positives in messages with the following statuses:

• Probable spam. The message is probable spam.
• Formal notification. The message is a formal notification.
• Mass mail. The message is mass mail.

  Mass email messages authorized by the recipients, most often containing advertising messages.

The Reputation Filtering service is not used when scanning outgoing messages for spam and phishing.

If the check box is selected, the application scans outgoing messages for spam and phishing content.

If this check box is cleared, outgoing messages are not scanned for spam and phishing content.

The check box is cleared by default.

Clicking this button opens the White list record settings window in which you can add to the white list the address of a recipient or group of recipients for whom the application must not scan messages for spam and / or bulk email delivery.

Clicking this button opens the White list record settings window in which you can add to the white list the address of a recipient or specify a mask for a group of recipients from whom the application must not scan messages for spam and / or bulk email delivery.

Clicking this button opens the White list record settings window in which you can edit the settings of a selected record on the white list.

Clicking this button deletes one or several selected records from the white list.

This table contains records with sender and recipient addresses that have been added to the white list.

The table records contain the following information:

• Type—Type of the address added to the white list:
  • —Email address
  • —IP address Only for sender addresses.
  • —Active Directory user Only for recipient addresses.
  • —Active Directory user group Only for recipient addresses.
• Address—Email address, email address mask, IP address, or Active Directory object that defines senders or recipients of messages that the application will not scan for spam and / or bulk email delivery
• Destination—Address purpose:
  • Sender—The record excludes messages sent from the specified address from the scan for spam and / or bulk email delivery.
  • Recipient—The record excludes messages sent to the specified address from the scan for spam and / or bulk email delivery.
• Scope—Details of scans from which the record excludes messages with the specified senders or recipients:
  • Spam, phishing, and mass email—The record excludes messages from the scan for spam and bulk email delivery.
  • Mass mail—The record only excludes messages from the scan for bulk email delivery.
• Modified by—account of the user who made the latest change to the record.
• Changed on—Date the record was last changed (UTC).
• Comment—Additional record details. For example, you can specify the reason for adding an address to the white list.

Clicking this button allows you to export records from the white list to a file. White list records are saved in a file with the wlist extension.

Clicking this button allows you to add records from a file to the white list. Import supports the following file types:

• wlist—XML files that contain exported white list records.
• txt—Text files that contain email addresses or masks listed line by line

When importing addresses from a TXT file, records that you are adding take the following values for settings:

• Purpose = Sender
• Scope = Spam and bulk email delivery

Clicking this button opens the Black list record settings window in which you can add to the black list the address of a sender or specify a mask for a group of senders from whom the application must process messages according to the settings defined for messages with the Address blacklisted status.

Clicking this button opens the Black list record settings window in which you can edit the settings of the selected record from the black list.

Clicking this button allows you to delete one or several selected records from the black list.

This table contains records with sender addresses that have been added to the black list.

The table records contain the following information:

• Type—Type of the address added to the black list:
  • —Email address
  • —IP address
• Address—Email address, email address mask, or IP address, which defines senders from which the application will process messages in accordance with the settings defined for the Address blacklisted status.
• Modified by—account of the user who made the latest change to the record.
• Changed on—Date the record was last changed (UTC).
• Comment—Additional record details. For example, you can specify the reason for adding an address to the black list.

Clicking this button allows you to export records from the black list to a file. Black list records are saved in a file with the blist extension.

Clicking this button allows you to add records from a file to the black list. Import supports the following file types:

• blist—XML files that contain exported black list records
• txt—Text files that contain email addresses or masks listed line by line

If the check box is selected, the application increases the spam rating of a message with an empty "To" field (a sign that the message has been sent to a list of blind carbon copied recipients).

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is selected by default.

If the check box is selected, the application increases the spam rating of a message with numbers in the sender's address (a sign of automatically generated addresses).

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is selected by default.

If the check box is selected, the application increases the spam rating of a message with no domain in the sender's address (a sign of a spam sending application at work).

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is selected by default.

If the check box is selected, the application raises the spam rating of a message with a subject longer than 250 characters (a sign of spam).

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is selected by default.

If the check box is selected, the application raises the spam rating of messages with a subject containing multiple blanks and/or dots (a sign of spam).

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is selected by default.

If the check box is selected, the application raises the spam rating of a message with a subject containing a time stamp (or a digital ID).

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is selected by default.

If the check box is selected, the application raises the spam rating of a message written in this language.

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is cleared by default.

If the check box is selected, the application raises the spam rating of a message written in this language.

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is cleared by default.

If the check box is selected, the application raises the spam rating of a message written in this language.

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is cleared by default.

If the check box is selected, the application raises the spam rating of a message written in this language.

If the check box is cleared, the application does not increase the spam rating of the message.

The check box is cleared by default.

If this check box is selected, when scanning messages for spam, the application takes account of the results returned by external services that scan IP addresses and URL addresses for spam.

If the check box is cleared, when scanning messages for spam the application does not use external services that scan IP addresses and URL addresses for spam.

The check box is selected by default.

If the check box is selected, Anti-Spam scans messages using a custom list from the selection of DNSBL black lists shown below.

If the check box is selected, you can form a custom list of DNS names of servers and assign weighting coefficients to them.

The following buttons are designed for creating a list:

• – adds the record appearing in the entry field to the custom list.
• – removes the selected record from the custom list.
• – exports the custom list to file.
• – import the custom list from file.

If the check box is cleared, the buttons and the list are unavailable, and Anti-Spam does not use the custom list during scanning.

The check box is cleared by default.

The DNS name of the server that you want to add to the DNSBL or SURBL custom black list.

This entry field is available if the Use set of DNSBL black lists or Use set of SURBL black lists check box is selected.

The weighting coefficient of a DNSBL server or SURBL server from the custom list. It can range from 1 to 100.

If the sum of all custom list servers that have responded is greater than 100, the probability that the message is spam increases. If the sum is smaller than 100, the spam rating of the message is not increased.

This field is available if the Use set of DNSBL black lists or Use set of SURBL black lists check box is selected.

If the check box is selected, Anti-Spam scans messages using a custom list from the selection of SURBL black lists shown below.

If the check box is selected, you can form a custom list of DNS names of servers and assign weighting coefficients to them.

The following buttons are designed for creating a list:

• – adds the record appearing in the entry field to the custom list.
• – removes the selected record from the custom list.
• – exports the custom list to file.
• – import the custom list from file.

If the check box is cleared, the buttons and the list are unavailable, and Anti-Spam does not use the custom list during scanning.

The check box is cleared by default.

The check uses a reverse record lookup for the sender's IP.

If the check box is selected, Anti-Spam performs a reverse lookup for the message senders' IP addresses.

If the check box is cleared, Anti-Spam does not check the senders' IP addresses in DNS.

The check box is selected by default.

Enables use of SPF technology (Sender Policy Framework).

If the check box is selected, Anti-Spam performs a check for the implementation of SPF during analysis.

If the check box is cleared, a check for the implementation of SPF is not performed.

The check box is selected by default.

The sender's IP address is checked for potential belonging to a botnet using reverse lookup of its DNS.

If the check box is selected, the application checks if the sender's IP address belongs to a dynamic DNS. If the sender's IP address belongs to a dynamic DNS (an indirect sign that the IP address is part of a botnet), the application raises the spam rating of the message.

If the check box is cleared, the sender's IP address is not checked for potential belonging to a botnet.

The check box is cleared by default.

The maximum time during which a DNS server response is awaited (seconds).

The default value is 5 sec.

Maximum time in seconds allotted for scanning a single message for spam and phishing. If the scan time exceeds the value specified in the field, message scanning for spam and phishing is stopped automatically.

The default value is 60 sec.

The maximum size of a message being scanned for spam and phishing together with all attachments (kilobytes). If the message size together with all attachments exceeds the value in the entry field, the application delivers the message to the recipient without scanning it for spam and phishing.

The default value is 1536 KB (1.5 MB). The maximum value is 2096128 KB (2047 MB), and the minimum value is 1 KB.

Enables Anti-Spam scanning of .doc files attached to messages.

If the check box is selected, Anti-Spam scans .doc files.

If the check box is cleared, Anti-Spam skips .doc files without scanning them.

The check box is cleared by default.

Enables Anti-Spam scanning of .rtf files attached to messages.

If the check box is selected, Anti-Spam scans .rtf files.

If the check box is cleared, Anti-Spam skips .rtf files without scanning them.

The check box is cleared by default.

Enables the use of the GSG image analysis technology.

If the check box is selected, the application checks images attached to messages against samples in the Anti-Spam database. The application raises the spam rating of messages if it detects matches.

If this check box is cleared, the application does not check images attached to messages against samples in the Anti-Spam database.

The check box is selected by default.

Enables spam scanning for messages received via a trusted connection.

If this check box is selected, Anti-Spam performs a spam scan on messages received via a trusted connection.

If the check box is cleared, Anti-Spam skips such messages without scanning them.

Scanning of messages received via a trusted connection for malicious (phishing) links is enabled permanently.

The check box is cleared by default.

Disables the scanning of messages for spam and phishing for the Postmaster address.

If the check box is selected, Anti-Spam skips messages sent to the Postmaster address without scanning them.

If the check box is cleared, Anti-Spam scans such messages for spam and phishing.

The check box is selected by default.