User manual

ManualsBrandsAVIRA ManualsSoftwareAntiVir Exchange incl. AntiSpam

121

122

123

124

125

126

127

128

129

130

Any spam filtering job therefore has to take into account that e-mails may not be definitely

identifiable as spam. The spam filtering job works with a range of different criteria for

identifying spam. These criteria are split into definite and combined criteria.

Using the definite criteria, the job scans mail for unique spam characteristics and

classifies them into spam and non-spam. It then uses the combined criteria to investigate

the “gray zone” and determine a likelihood of the checked message being spam – its

spam probability. The spam probability for the definite criteria is always 0 % or 100 %,

while the probability for the combined criteria can range from 1 to 99.You will find a

configured Advanced spam filtering job under Policy Configuration - Job Templates.

The job carries out a range of analyses and checks the following elements of each

e-mail:

- E-mail headers

- Subject

- E-mail text

Like in normal content filtering, e-mails are checked for characteristic spam texts using

dictionaries.

In the “gray zone”, some of the characteristics typical for spam occur more frequently

while others suggest that an e-mail may not be spam. On their own, combined criteria

only pick up particular characteristics of an e-mail that suggest that it may be spam. The

greater the number of characteristics that match the combined criteria, the greater the

likelihood that the message is spam. The identified characteristics are combined (hence

“combined criteria”) to obtain a value indicating the probability that the message is spam.

Tip: The defined job is configured so that a high spam probability – for example

over 91 % – can be achieved only when definite spam characteristics have been

identified by several combined criteria.

The job distinguishes between up to four spam probability ranges. The boundaries

between these ranges (i.e. the probability threshold values) are user-definable with

sliders. For each range, you can specify actions to be taken for e-mails that fall into that

range. For example, you can specify that:

• definite "non-spam" with a Spam probability of 0 % is delivered as normal;

• e-mails with a spam probability below 10 % are also delivered as normal. You may

want to place e-mails for classification in the Spam Low Quarantine

•

for mail with a spam probability between 10 and 50 %, the SCL field is processed in

Exchange 2003, so that the e-mail is automatically moved to the recipient’s junk

mail folder or the e-mails are placed into the Spam Middle Quarantine;

- the recipients receive a summary report on the quarantined e-mails and can

request their delivery if required;

• e-mails with a spam probability over 50 % are deleted immediately. Here, too, you

can place e-mails in the Spam High Quarantine.

The following actions can be performed:

- Copy the entire e-mail to Quarantine

- Add label

- Delete the affected message without delivering it

- Add the email sender or recipients to userlist

- Notify the Administrator

- Notify the sender

- Notify the recipient

- Notify other user-defined recipients

- Start external program

- Add Avira tag and value

- Add header field and value

Avira AntiVir Exchange 7

130