Protection for the Hub Transport role tab
Anti-Virus scan settings
The Anti-Virus scan settings drop-down section lets you configure Anti-Virus scan settings.
Enable anti-virus protection for the Hub Transport role
If this check box is selected, Anti-Virus protection of a Microsoft Exchange server deployed in the Hub Transport role is enabled.
If this check box is cleared, Anti-Virus protection of a Microsoft Exchange server deployed in the Hub Transport role is enabled.
The check box is selected by default.
The Object processing settings section lets you configure the actions taken by the application on objects detected during the Anti-Virus scan.
The drop-down list Infected object lets you select the action to be taken by the application upon detecting an infected object.
The following options are available:
- Allow. The application delivers the message with the infected object to the recipient unchanged.
If the Add label to message header and Tag for external recipients check boxes are selected, the application adds an extra text (tag) to the message subject. The Add label to message header check box adds a tag to messages for internal recipients, while the Add label to message header check box adds a tag for external recipients. The tag text can be edited. Default tag value:
[Infected object detected]. - Delete object. The application attempts to disinfect the infected object. If disinfection has failed, the application deletes the infected object and delivers the message to the recipient.
If the Add label to message header and Tag for external recipients check boxes are selected, the application adds an extra text (tag) to the message subject. The Add label to message header check box adds a tag to messages for internal recipients, while the Add label to message header check box adds a tag for external recipients. The tag text can be edited. Default tag value:
[Infected object deleted]. - Delete message. The application completely deletes the message containing the infected object.
In the Protected object dropdown list, you can select the action to be performed by the application on detecting a password-protected object.
The following options are available:
- Allow. The application delivers the message with the password-protected object to the recipient unchanged. If the Add label to message header check box is selected, the application adds an extra text (tag) to the message subject. The tag text can be edited. Default tag value:
[Protected object detected]. - Delete message. The application completely deletes the message containing the password-protected object.
The drop-down list Corrupted object lets you select the action to be taken by the application upon detecting a corrupted object.
The following options are available:
- Allow. The application delivers the message with the corrupted object to the recipient unchanged. If the Add label to message header check box is selected, the application adds an extra text (tag) to the message subject. The tag text can be edited. Default tag value:
[Corrupted object detected]. - Delete message. The application completely deletes the message containing the corrupted object.
Save a copy of the object in Backup
Saves a copy of the original message in Backup.
If this check box is selected, the application saves a copy of the message in Backup in the following cases:
- Before deleting the message
- Before deleting the attachment
- When skipping the message
If this check box is cleared, the application saves no copy of the object in Backup.
The check box is selected by default.
Attachment filtering
The Attachment filtering dropdown section allows you to configure the filtering of files attached to messages by type, name, and size.
Enables scanning of attachment files in email messages.
If the check box is selected, the application scans attachment files in email messages. During the filtering process, the application looks for attachment files that match the filtering criteria. The application applies the action configured in the filtering settings to the attachments it detects (skips the attachments, deletes the attachments, or deletes the message).
If the check box is cleared, attachment filtering is disabled.
The check box is cleared by default.
In the Filtering settings section, you can enable filtering of message attachments and configure filtering settings. The application filters files that are directly attached to messages, as well as files in nested containers and archives. Attachment filtering is based on the archive and container scanning settings specified on the Advanced Anti-Virus settings tab.
Filtering of attached files and archives based on file format.
The application recognizes the format of a file by its structure, that is, by the way it is stored or displayed on the screen. This allows you to filter attachments even if the extension of an attached file does not match the actual type of the file (for example, if the extension has been changed intentionally).
If this check box is selected, the 
button is active. Clicking this button opens the File formats window in which you can select file formats. The selected formats are shown in the Attachment file format field.
The application scans attached and archived files. Upon detection of files of the specified formats, the application applies the action selected in the filtering settings to messages being scanned.
If this check box is cleared, the application does not filter files by format.
The check box is cleared by default.
Filtering of attached files and archives by file name or extension.
If this check box is selected, the button is active. Clicking this button opens the File name masks window in which you can specify names and / or file name masks manually. You can also import a list of names and / or file name masks in TXT format. The specified names and / or file name masks are displayed in the Attachment file name field.
The application scans attached and archived files. Upon detection of files that match the filtering criteria, the application applies the action selected in the filtering settings to messages being scanned.
If this check box is cleared, the application does not filter files by name and / or extension.
The check box is cleared by default.
Microsoft Office files with macros
Filtering of macros in Microsoft Office files that are in attachments or archives.
If the check box is selected, the application scans Microsoft Office files that may contain macros. The application determines that a file contains a macro based on the file structure. This function lets you filter attachments containing macros even if the extension of an attached file does not match the actual type of file (for example, if the extension was modified).
The application scans files in attachments and files in archives. When Microsoft Office files containing macros are detected, the application applies the action defined in the filtering settings to the messages being scanned.
If this check box is cleared, the application does not filter Microsoft Office files containing macros.
The check box is cleared by default.
Filtering attachments by size of the attachment file.
If this check box is selected, the spin box on the right is active. In this spin box, you can specify the maximum size of attached files sent in email messages. You can specify a size value from 1 to 999 MB. The default value is 20 MB. If the application detects attachments that exceed the specified size, it applies the action that has been configured in the filtering settings.
If this check box is cleared, the application does not filter attachment files by format.
The check box is cleared by default.
Drop-down list in which you can select the action that the application takes on attachments that meet at least one of the filtering criteria:
- Allow. The application allows sending the email message that contains attachments. This is the default option. To receive information about objects that have been filtered out, you can configure notifications or logging of events in the Windows event log.
- Delete object. The application removes the object from the attachment or removes the attachment from the email message. The application also adds a file in TXT format to this message; the file contains information about all attachments that have been deleted.
- Delete message. The application permanently deletes the email message with the attachment that has been filtered out. If you select this option, it is recommended that you save copies of messages in Backup to avoid data losses.
Adds a tag to the Subject field, which indicates that the attachment was scanned by the application.
If the check box is selected, the application adds a tag to the message subject. The tag indicates that the message was filtered. The application adds the tag to the Subject field in messages in the following cases:
- When deleting the attachment
- When skipping the message
You can specify the tag text in the entry field on the right. The default tag text is Prohibited Attachment.
If this check box is cleared, the application adds no tag to the Subject field.
The check box is cleared by default.
Saves a copy of the original message in Backup.
If this check box is selected, the application saves a copy of the message in Backup in the following cases:
- Before deleting the message
- Before deleting the attachment
- When skipping the message
If this check box is cleared, the application saves no copy of the object in Backup.
The check box is selected by default.
The Exclusions from filtering section allows you to exclude attached files from filtering by the following criteria: sender email address, recipient email address, or attached file name (mask).
Do not scan messages from the following senders
Excluding messages from filtering by senders.
If this check box is selected, you can specify senders that will be added to the list of exclusions during attachment filtering. The application does not scan attachments that were sent from email addresses specified in the list of exclusions. You can create a list of email addresses of senders, using the entry field and the buttons listed below.
You can add both individual e-mail addresses (for example, user@mail.com) and address masks (for example, *@domain.net) to the list.
The following buttons are designed for creating a list:
- add the record from the entry field to the list.
– remove the selected record from the list.
– export the list to a file.
– import the list from a file.
If the check box is cleared, the entry field, buttons, and the list are unavailable.
The check box is cleared by default.
The file with the list you are importing must contain xml tags used by Kaspersky Security. You can copy tags from the list of email addresses that has been exported to file.
Do not scan messages for the following recipients
Excluding messages from filtering by recipients.
If this check box is selected, you can specify recipients that will be added to the list of exclusions during attachment filtering. The application does not scan attachments that were sent to email addresses specified in the list of exclusions. You can create a list of email addresses of recipients, using the entry field and the buttons listed below.
You can add both individual e-mail addresses (for example, user@mail.com) and address masks (for example, *@domain.net) to the list.
The following buttons are designed for creating a list:
- - add the record from the entry field to the list.
- – remove the selected record from the list.
- – export the list to a file.
- – import the list from a file.
If the check box is cleared, the entry field, buttons, and the list are unavailable.
The check box is cleared by default.
The file with the list you are importing must contain xml tags used by Kaspersky Security. You can copy tags from the list of email addresses that has been exported to file.
Do not scan files matching the masks
Excludes messages from filtering by file names and file name masks.
If this check box is selected, you can specify file names or file name masks that will be added to the list of exclusions during attachment filtering. The application does not scan attached files that match the specified names or name masks. You can create a list of file names and file name masks using the entry field and the buttons listed below.
The following buttons are designed for creating a list:
- - add the record from the entry field to the list.
- – remove the selected record from the list.
- – export the list to a file.
- – import the list from a file.
If the check box is cleared, the entry field, buttons, and the list are unavailable.
The check box is cleared by default.
Filtering of attachments that are containers or archives takes into account exclusions by names and name masks specified in the Anti-Virus settings, on the Advanced Anti-Virus settings tab. Containers and archives that have been excluded from Anti-Virus scanning by file names and file name masks, will also be excluded from attachment filtering as follows:
- The application does not check files from these containers / archives for matching the filtering criteria.
- The application checks containers / archives themselves for matching the filtering criteria.
Anti-Spam scan settings
The Anti-Spam scan settings drop-down configuration section lets you configure the settings for scanning messages for spam and phishing content.
Enable anti-spam scanning of messages
Enables / disables scanning of incoming messages for spam using the Anti-Spam module.
If the check box is selected, the application scans incoming messages for spam.
If this check box is cleared, incoming messages are not scanned for spam.
The check box is selected by default.
The slider sets the sensitivity level of the anti-spam scanning. Anti-Spam takes the value of this setting into account when categorizing a message as spam or probable spam.
The following sensitivity levels of message analysis for spam are available:
- maximum. This sensitivity level should be used if you receive spam very often. When you select this sensitivity level, the frequency of false positives rises: i.e., useful mail is more often recognized as spam.
- high. This level should be used if you rarely receive spam. When you select this level, the frequency of useful email recognized as spam reduces (as compared against the maximum level). The scan speed increases.
- low. This sensitivity level provides an optimal combination of scanning speed and quality. When you select this level, the frequency of useful email recognized as spam reduces (as compared against the high level). The scan speed increases.
This sensitivity level is set by default.
- minimum. This sensitivity level should be used if you receive spam rarely.
This slider is available if the Enable anti-spam scanning of messages check box is selected.
The Spam processing settings section lets you configure the actions to be taken by the application on messages depending on the status tag assigned by Anti-Spam, as well as configure the use of additional spam analysis services.
Table of spam processing settings
The table consists of rows containing status tags that can be assigned to a message by Anti-Spam and columns containing the actions taken by the application on messages with the corresponding status tags. This table is available if the Enable anti-spam scanning of messages check box is selected.
The table contains the following message status tags:
- Spam. The application has considered the message to be spam.
Unsolicited mass e-mail, most often containing advertising messages.
- Probable spam. The application has considered the message to be possible spam.
A message that cannot be unambiguously considered spam, but has several spam attributes (e.g., certain types of mailings and advertising messages).
- Formal notification. The application has considered the message to be a formal notification.
Message that is automatically generated and sent by mail clients or robots (for example, informing about the impossibility to deliver a message, or confirming user registration on a web resource).
- Address blacklisted. The message sender is included in the black list of senders.
- Mass mail. The application has considered the message to be bulk email delivery.
The following settings can be configured for each status tag in the corresponding table columns:
- The Action drop-down list lets you select the action to be taken by the application on messages with a status tag assigned by Anti-Spam. The following operations are available for selection:
- Allow. The application delivers the message to the recipient. This action is selected by default for all status tags.
- Reject. The application does not deliver the message to the recipient. An error message is returned to the sending server (error code 500).
- Delete. The application does not deliver the message to the recipient. The sending server receives a notification that the message has been sent (error code 250).
- Add SCL value check box.
If the check box is selected, the application supplements the message with the spam confidence level (SCL). The SCL rating can be a number ranging from 0 to 9. A higher SCL rating means a higher probability of spam content in a message. By default, the check box is selected for the Spam, Probable spam, Address blacklisted, and Mass mail statuses.
Spam Confidence Level is a special tag used by Microsoft Exchange mail servers to measure the spam probability of a message. The SCL rating can range from 0 (minim probability of spam) to 9 (the message is most probably spam). Kaspersky Security can change the SCL rating of a message depending on the message scan results.
- Save copy check box.
If the check box is selected, the application saves a copy of the message in Backup. The check box is cleared for all status tags by default.
- Add label to message header check box.
If this check box is selected, the application adds the text (tag) appearing in the entry field next to the check box, to the message subject. The tag text can be edited. By default, the check box is selected for the Spam, Probable spam, Address blacklisted, and Mass mail statuses.
Enable anti-phishing scanning of messages
If the check box is selected, the application scans incoming messages for phishing links.
A kind of online fraud aimed at obtaining unauthorized access to confidential data of users.
If this check box is cleared, incoming messages are not scanned for phishing links.
This check box is available if the Enable anti-spam scanning of messages check box is selected.
The check box is selected by default.
Table of phishing processing settings
This table contains a string with settings, which define actions that the application takes on messages with the Phishing status. This table is available if the Enable anti-spam scanning of messages check box is selected.
The string contains the following settings:
- The Action dropdown list allows you to select an action to be taken by the application on messages with the Phishing status.
- Allow. The application delivers the message to the recipient. This action is selected by default.
- Reject. The application does not deliver the message to the recipient. An error message is returned to the sending server (error code 500).
- Delete. The application does not deliver the message to the recipient. The sending server receives a notification that the message has been sent (error code 250).
- Add SCL and PCL rating check box.
If this check box is selected, the application adds a spam confidence level (SCL) rating of 9 and a phishing confidence level (PCL) rating of 8 to the message. The check box is selected by default.
- Save copy check box.
If the check box is selected, the application saves a copy of the message in Backup. The check box is cleared by default.
- Add label to message header check box.
If this check box is selected, the application adds the text (tag) appearing in the entry field next to the check box, to the message header. The tag text can be edited. The check box is selected by default.
Use Kaspersky Security Network
Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to the Kaspersky Lab online knowledge base that contains information about the reputation of files, web resources, and software. Kaspersky Security Network is intended for improving detection of viruses and other threats, spam and phishing links, as well as for receiving statistics used to detect threats.
If you do not want to transmit data of your organization over the Internet, you can use the Kaspersky Private Security Network service.
Kaspersky Private Security Network (KPSN) is a solution that lets you receive access to Kaspersky Security Network data via a server located within your organization's network. KPSN enables Kaspersky Lab applications to receive access to the online Kaspersky Lab Knowledge Base for information about the reputation of files, web resources, and software. KPSN does not transmit statistics and files to Kaspersky Lab. For more detailed information, please refer to the Kaspersky Private Security Network Administrator's Guide.
The Kaspersky Private Security Network service was designed for corporate customers who are unable to participate in Kaspersky Security Network for any of the following reasons:
- Servers have no Internet connection
- Legislative ban on transmitting any data outside of the country
- Corporate security requirements imposed on the transmission of any data outside of the corporate LAN
If this check box is selected, the application uses data from Kaspersky Security Network during a scan.
If this check box is cleared, Kaspersky Security Network is not used.
The check box is cleared by default.
The Use Kaspersky Security Network check box is available if the I accept the KSN Statement option is selected in the KSN Settings section in the Settings node. Use Kaspersky Security Network or the Use Kaspersky Private Security Network (KPSN) option. All settings of the Kaspersky Security Network service are applied to the Kaspersky Private Security Network service.
Maximum waiting time when requesting KSN
The maximum time of waiting for a response to a request of Kaspersky Security Network server (in seconds).
The default value is 5 sec.
This setting is available if the Use Kaspersky Security Network check box is selected.
Use of the Reputation Filtering service in Anti-Spam scans.
If this check box is selected, the application uses the Reputation Filtering service during Anti-Spam scanning.
If this check box is cleared, Reputation Filtering service is not used.
The check box is cleared by default.
This setting is available if the Use Kaspersky Security Network check box is selected.
Use Enforced Anti-Spam Updates Service
Use of Enforced Anti-Spam Updates Service.
If the check box is selected, the application uses the Enforced Anti-Spam Updates Service during Anti-Spam scanning.
If the check box is cleared, the Enforced Anti-Spam Updates Service is not used.
The check box is selected by default.
Outgoing message processing settings
Scan outgoing messages and delete spam messages or messages containing phishing links
Enables / disables scanning of outgoing messages for spam and phishing content using the Anti-Spam module. If messages containing spam are being sent from a specific address in your organization, this could mean that a specific computer in your organization is infected with a virus.
If the Anti-Spam module detects a message that contains spam or phishing content, the message status takes the value Spam or Phishing. The application deletes the outgoing message containing the detected spam or phishing content while saving a copy of the outgoing message in Backup.
The Sender type field for outgoing messages in Backup has the value Internal. To determine whether or not a specific computer distributing spam or phishing content in your organization is infected, you can view the list of copies of outgoing messages in Backup, the list of events in the Windows Event Log, or the list of events in the Kaspersky Security Center Event Log.
The Anti-Spam Module scans outgoing mail messages addressed to external email addresses. The module does not scan messages related to the following categories:
- Messages addressed to internal email addresses.
- Messages for which the addresses of message recipients are in the white list.
The Anti-Spam Module determines the message status based on the text content and the message header. In the scan results, the application accounts for only the presence of spam or phishing content in messages to which the Anti-Spam Module assigned the status of Spam or Phishing. In the scan results, the application does not take into account positives in messages with the following statuses:
- Probable spam. The message is probable spam.
- Formal notification. The message is a formal notification.
- Mass mail. The message is mass mail.
Mass email messages authorized by the recipients, most often containing advertising messages.
The Reputation Filtering service is not used when scanning outgoing messages for spam and phishing content.
If the check box is selected, the application scans outgoing messages for spam and phishing content.
If this check box is cleared, outgoing messages are not scanned for spam and phishing content.
The check box is cleared by default.
White list of Anti-Spam addresses
The White list of Anti-Spam addresses dropdown section allows you to create the white list of message sender and recipient addresses. The application will not scan messages from those senders or to those recipients for spam and / or bulk email delivery.
You can add the addresses of internal and external senders and recipients to this list.
Clicking this button opens the White list record settings window in which you can add to the white list the address of a recipient or group of recipients for whom the application must not scan messages for spam and / or bulk email delivery.
Clicking this button opens the White list record settings window in which you can add to the white list the address of a recipient or specify a mask for a group of recipients from whom the application must not scan messages for spam and / or bulk email delivery.
Clicking this button opens the White list record settings window in which you can edit the settings of a selected record on the white list.
Clicking this button deletes one or several selected records from the white list.
This table contains records with sender and recipient addresses that have been added to the white list.
The table records contain the following information:
- Type—Type of the address added to the white list:
—Email address
—IP address Only for sender addresses.
—Active Directory user Only for recipient addresses.
—Active Directory user group Only for recipient addresses.
- Address—Email address, email address mask, IP address, or Active Directory object that defines senders or recipients of messages that the application will not scan for spam and / or bulk email delivery
- Destination—Address purpose:
- Sender—The record excludes messages sent from the specified address from the scan for spam and / or bulk email delivery.
- Recipient—The record excludes messages sent to the specified address from the scan for spam and / or bulk email delivery.
- Scope—Details of scans from which the record excludes messages with the specified senders or recipients:
- Spam and mass email—The record excludes messages from the scan for spam and bulk email delivery.
- Mass mail—The record only excludes messages from the scan for bulk email delivery.
- Modified by—account of the user who made the latest change to the record.
- Changed on—Date the record was last changed (UTC).
- Comment—Additional record details. For example, you can specify the reason for adding an address to the white list.
Clicking this button allows you to export records from the white list to a file. White list records are saved in a file with the wlist extension.
Clicking this button allows you to add records from a file to the white list. Import supports the following file types:
- wlist—XML files that contain exported white list records.
- txt—Text files that contain email addresses or masks listed line by line
When importing addresses from a TXT file, records that you are adding take the following values for settings:
- Purpose = Sender
- Scope = Spam and bulk email delivery
Black list of Anti-Spam addresses
The Black list of Anti-Spam addresses dropdown section allows you to create a black list of message senders. The application assigns those messages the Address blacklisted status and processes them in accordance with the settings that have been defined for this status in the spam processing settings. You can expand this list by adding the addresses of senders from which you need to always delete or reject messages.
Clicking this button opens the Black list record settings window in which you can add to the black list the address of a sender or specify a mask for a group of senders from whom the application must process messages according to the settings defined for messages with the Address blacklisted status.
Clicking this button opens the Black list record settings window in which you can edit the settings of the selected record from the black list.
Clicking this button allows you to delete one or several selected records from the black list.
This table contains records with sender addresses that have been added to the black list.
The table records contain the following information:
- Type—Type of the address added to the black list:
- —Email address
- —IP address
- Address—Email address, email address mask, or IP address, which defines senders from which the application will process messages in accordance with the settings defined for the Address blacklisted status.
- Modified by—account of the user who made the latest change to the record.
- Changed on—Date the record was last changed (UTC).
- Comment—Additional record details. For example, you can specify the reason for adding an address to the black list.
Clicking this button allows you to export records from the black list to a file. Black list records are saved in a file with the blist extension.
Clicking this button allows you to add records from a file to the black list. Import supports the following file types:
- blist—XML files that contain exported black list records
- txt—Text files that contain email addresses or masks listed line by line
Spam rating detection settings
The Spam rating detection settings dropdown section allows you to configure an increase in the spam rating of messages that show indirect signs of spam.
The Increase spam rating if section lets you configure an increase in the spam rating of a message based on results of analysis of the sender's and recipient's addresses.
"To" field contains no addresses
If the check box is selected, the application increases the spam rating of a message with an empty "To" field (a sign that the message has been sent to a list of blind carbon copied recipients).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
Sender's address contains numbers
If the check box is selected, the application increases the spam rating of a message with numbers in the sender's address (a sign of automatically generated addresses).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
Sender's address in the message body does not contain the domain part
If the check box is selected, the application increases the spam rating of a message with no domain in the sender's address (a sign of a spam sending application at work).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
The Increase spam rating if the subject contains section lets you configure an increase in the spam rating of a message based on results of the e-mail subject analysis.
If the check box is selected, the application raises the spam rating of a message with a subject longer than 250 characters (a sign of spam).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
If the check box is selected, the application raises the spam rating of messages with a subject containing multiple blanks and/or dots (a sign of spam).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
If the check box is selected, the application raises the spam rating of a message with a subject containing a time stamp (or a digital ID).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
The Increase spam rating if the message language is section lets you configure an increase in the spam rating of the message based on the results of message language analysis.
If the check box is selected, the application raises the spam rating of a message written in this language.
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is cleared by default.
If the check box is selected, the application raises the spam rating of a message written in this language.
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is cleared by default.
If the check box is selected, the application raises the spam rating of a message written in this language.
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is cleared by default.
If the check box is selected, the application raises the spam rating of a message written in this language.
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is cleared by default.
Using external Anti-Spam services
The Using external Anti-Spam services drop-down section lets you configure the usage of external services that scan IP addresses and URL addresses for spam.
Use external resources for spam scan
If this check box is selected, when scanning messages for spam, the application takes account of the results returned by external services that scan IP addresses and URL addresses for spam.
If the check box is cleared, when scanning messages for spam the application does not use external services that scan IP addresses and URL addresses for spam.
The check box is selected by default.
The DNSBL settings section lets you configure usage of the DNSBL service (Domain Name System Blocklist).
If the check box is selected, Anti-Spam scans messages using a custom list from the selection of DNSBL black lists shown below.
If the check box is selected, you can form a custom list of DNS names of servers and assign weighting coefficients to them.
The following buttons are designed for creating a list:
- – adds the record appearing in the entry field to the custom list.
- – removes the selected record from the custom list.
- – exports the custom list to file.
- – import the custom list from file.
If the check box is cleared, the buttons and the list are unavailable, and Anti-Spam does not use the custom list during scanning.
The check box is cleared by default.
The DNS name of the server that you want to add to the DNSBL or SURBL custom black list.
This entry field is available if the Use set of DNSBL black lists or Use set of SURBL black lists check box is selected.
The weighting coefficient of a DNSBL server or SURBL server from the custom list. It can range from 1 to 100.
If the sum of all custom list servers that have responded is greater than 100, the probability that the message is spam increases. If the sum is smaller than 100, the spam rating of the message is not increased.
This field is available if the Use set of DNSBL black lists or Use set of SURBL black lists check box is selected.
The SURBL settings section lets you configure usage of the SURBL service (Spam URI Realtime Block List).
If the check box is selected, Anti-Spam scans messages using a custom list from the selection of SURBL black lists shown below.
If the check box is selected, you can form a custom list of DNS names of servers and assign weighting coefficients to them.
The following buttons are designed for creating a list:
- – adds the record appearing in the entry field to the custom list.
- – removes the selected record from the custom list.
- – exports the custom list to file.
- – import the custom list from file.
If the check box is cleared, the buttons and the list are unavailable, and Anti-Spam does not use the custom list during scanning.
The check box is cleared by default.
Check sender IP for presence in DNS
The check uses a reverse record lookup for the sender's IP.
If the check box is selected, Anti-Spam performs a reverse lookup for the message senders' IP addresses.
If the check box is cleared, Anti-Spam does not check the senders' IP addresses in DNS.
The check box is selected by default.
Enables a check for the implementation of SPF (Sender Policy Framework).
If the check box is selected, Anti-Spam performs a check for the implementation of SPF during analysis.
If the check box is cleared, a check for the implementation of SPF is not performed.
The check box is selected by default.
Check if sender's IP address is dynamic
The sender's IP address is checked for potential belonging to a botnet using reverse lookup of its DNS.
If the check box is selected, the application checks if the sender's IP address belongs to a dynamic DNS. If the sender's IP address belongs to a dynamic DNS (an indirect sign that the IP address is part of a botnet), the application raises the spam rating of the message.
If the check box is cleared, the sender's IP address is not checked for potential belonging to a botnet.
The check box is cleared by default.
The maximum time during which a DNS server response is awaited (seconds).
The default value is 5 sec.
Advanced settings of Anti-Spam
The Advanced settings of Anti-Spam drop-down section lets you limit the maximum duration of message scanning and size of the object being scanned, as well as configure scan settings for Microsoft Office files and other additional Anti-Spam settings.
The Restrictions section lets you limit the duration of message scanning by Anti-Spam and the maximum size of the message being scanned.
Maximum time for scanning a message
Maximum time in seconds allotted for scanning a single message for spam and phishing. If the scan time exceeds the value specified in the field, message scanning for spam and phishing is stopped automatically.
The default value is 60 sec.
The maximum size of a message being scanned for spam and phishing together with all attachments (kilobytes). If the message size together with all attachments exceeds the value in the entry field, the application delivers the message to the recipient without scanning it for spam and phishing.
The default value is 1,536 KB (1.5 MB). The maximum value is 20480 KB (20 MB), and the minimum value is 1 KB.
The Scan settings for Microsoft Office files section lets you configure the settings of Microsoft Office documents scanning.
Enables Anti-Spam scanning of .doc files attached to messages.
If the check box is selected, Anti-Spam scans .doc files.
If the check box is cleared, Anti-Spam skips .doc files without scanning them.
The check box is cleared by default.
Enables Anti-Spam scanning of .rtf files attached to messages.
If the check box is selected, Anti-Spam scans .rtf files.
If the check box is cleared, Anti-Spam skips .rtf files without scanning them.
The check box is cleared by default.
The Other settings section allows you to configure the use of image analysis technology and configure scanning of trusted connections and scanning of messages sent to the Postmaster address for spam.
Enables the use of the GSG image analysis technology.
If the check box is selected, the application checks images attached to messages against samples in the Anti-Spam database. The application raises the spam rating of messages if it detects matches.
If this check box is cleared, the application does not check images attached to messages against samples in the Anti-Spam database.
The check box is selected by default.
Scan messages arriving over trusted connections for spam
Enables spam scanning for messages received via a trusted connection.
If this check box is selected, Anti-Spam performs a spam scan on messages received via a trusted connection.
If the check box is cleared, Anti-Spam skips such messages without scanning them.
Scanning of messages received via a trusted connection for malicious (phishing) links is enabled permanently.
The check box is cleared by default.
Skip messages for the Postmaster address
Disables the scanning of messages for spam and phishing for the Postmaster address.
If the check box is selected, Anti-Spam skips messages sent to the Postmaster address without scanning them.
If the check box is cleared, Anti-Spam scans such messages for spam and phishing.
The check box is selected by default.