CHAPTER 9. FREQUENTLY ASKED QUESTIONS
B.20. Notifications about actions applied to the message
applied to the message
Messages added to the log file may be different depending on the action per- formed.
When a message is delivered, the following line is added to the report file: envelope-id: RECEIVED, from=<...>, nrcpt=..., size=..., client=[...], helo=<...>,
message_id=<message id>, flags=... where:
envelope-id – message identifier in the application working queue;
from – value received from the MAIL FROM command;
nrcpt – the number of e-mail message recipients (transmitted with the RCPT TO command(s));
size – message size;
client – IP address of the client‟s host;
helo – client‟s domain name, received from HELLO/EHLO command;
message_id – message ID;
flags – flag(s) that have the following meanings:
188 Kaspersky Mail Gateway 5.6
D – client requested DSN-confirmations.
When message processing by the anti-virus engine completes, the following line is added to the log file:
envelope-id: AV-SCANNED, group=<...>, nrcpt=..., srcid=...,
status="...", names="..." where:
envelope-id – message identifier in the application working queue;
group – the name of the group of recipients (or policy group) to which the message belongs;
nrcpt – the number of recipients of this e-mail message (out of the re- cipients that belong to this group);
srcid – the original message‟s ID;
status – status assigned to the message based on the anti-virus scan results;
names – names of viruses, if any, separated by ", ".
When message processing by the anti-spam module is over, the following line is added to the log file:
envelope-id: AS-SCANNED, group=<...>, nrcpt=..., as-status="...", as-category="..."
where:
envelope-id – message identifier in the application working queue;
group – the name of the group of recipients (or policy group) to which the message belongs;
nrcpt – the number of recipients of the e-mail message (out of the re- cipients that belong to this group);
as-status – status assigned as a result of its processing by the anti- spam module;
as-category – category assigned to the message based on the con- tent analysis.
When generating system notifications, the following line will be added to the log file: envelope-id: CREATED, notify=<admin|recipient|sender>, nrcpt=..., size=..., srcid=... where:
envelope-id – the message‟s identifier in the application‟s working queue;
notify – account where the notification will be delivered (possible val- ues are admin, recipient, sender);
nrcpt – the number of recipients of the e-mail message;
size – message size;
srcid – original message ID.
When a copy of an e-mail message is created (for delivery of that message to different groups of recipients) the following line will be added to the log file:
envelope-id: SPLITTED, domain=<...>, nrcpt=..., srcid=...
where:
envelope-id – message identifier in the application working queue;
domain – name of the domain for which a copy of the original message was created;
nrcpt – the number of recipients of the e-mail message (out of the re- cipients that belong to this group);
srcid – the original message‟s ID.
When an e-mail message is delivered, the following line will be added to the log file:
envelope-id: DELIVERED, rcpt=<...>, server=..., size=..., status=sent|failed
where:
envelope-id – message identifier in the application‟s working queue;
rcpt – address of the message‟s recipient(s);
server – IP address and name of the server where the message is de- livered;
190 Kaspersky Mail Gateway 5.6
size – message size;
status – delivery status, possible values are:
sent – message was successfully delivered;
failed – message was not delivered.
When an e-mail message is blocked, the following line will be added to the log file:
envelope-id: BLOCKED, rcpt=..., size=... where:
envelope-id – message identifier in the application‟s working queue;
rcpt – address of the message recipient;
APPENDIX C.
SENDING SPAM
TO THE GROUP OF SPAM
ANALYSTS
Kaspersky Lab is grateful to all its users providing new samples of spam to the group of spam analysis. Received samples help us react in a timely manner to new methods of spam delivery preventing them during initial distribution stages. You can also send to us samples of mail erroneously recognized as spam. The messages will be carefully examined by the experts at linguistic laboratory who will be able to increase the quality of spam recognition and make the number of false alerts lower.
Sending spam samples in accordance with the instruction below maximally automates mail processing and shortens the response time of Kaspersky Mail Gateway to new methods used in spam mail.
Address for spam samples: [email protected]
Address for messages erro- neously recognized as spam:
Attention!
Spam samples should be sent as message attachments.
Different e-mail programs use different methods to ensure minimum loss of mes- sage headers in transit. We describe the procedure for users of most popular e- mail clients.
1. To forward spam using the e-mail client of Microsoft Office Outlook, per- form the following steps:
If you wish to forward a single message, create a new letter using the New button or the New Mail Message command and drag the spam message to the new letter with the mouse.
If you wish to forward several messages, highlight them and press the Forward button. E-mail client will automatically forward the se- lected messages as attachments to the new letter.
192 Kaspersky Mail Gateway 5.6
2. To forward spa using The Bat! e-mail client, perform the following steps:
If you wish to forward mail manually, highlight one or several mes- sages and use the Alternative Forward command accessible from the Specials toolbar menu.
If you wish to configure automatic spam forwarding, configure the sorting rules in mail manager as follows:
o Disable the Do not send attachments checkbox. o Disable the Use MIME checkbox.
3. To forward spam using Microsoft Outlook Express e-mail client, select one or several messages and perform Message → Forward as At- tachment command.
APPENDIX D.
KASPERSKY LAB
Founded in 1997, Kaspersky® Lab has become a recognized leader in informa- tion security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e- mail messages, and hacker attacks.
Kaspersky Lab is an international company. Headquartered in the Russian Fed- eration, the company has representative offices in the United Kingdom, France, Germany, Japan, USA (CA), the Benelux countries, China, Poland, and Roma- nia. A new company department, the European Anti-Virus Research Centre, has recently been established in France. Kaspersky Lab's partner network incorpo- rates more than 500 companies worldwide.
Today, Kaspersky Lab employs more than 450 specialists, each of whom is pro- ficient in anti-virus technologies, with 10 of them holding M.B.A. degrees, 16 holding Ph.Ds, and senior experts holding membership in the Computer Anti- Virus Researchers Organization (CARO).
Kaspersky Lab offers best-of-breed security solutions, based on its unique ex- perience and knowledge, gained in over 14 years of fighting computer viruses. A thorough analysis of computer virus activities enables the company to deliver comprehensive protection from current and future threats. Resistance to future attacks is the basic policy implemented in all Kaspersky Lab's products. The company‟s products consistently remain at least one step ahead of many other vendors in delivering extensive anti-virus coverage for home users and corporate customers alike.
Years of hard work have made the company one of the top security software manufacturers. Kaspersky Lab was one of the first businesses of its kind to de- velop the highest standards for anti-virus defense. The company‟s flagship prod- uct, Kaspersky Anti-Virus, provides full-scale protection for all tiers of a network, including workstations, file servers, mail systems, firewalls, Internet gateways, and hand-held computers. Its convenient and easy-to-use management tools ensure advanced automation for rapid virus protection across an enterprise. Many well-known manufacturers use the Kaspersky Anti-Virus kernel, including Nokia ICG (USA), F-Secure (Finland), Aladdin (Israel), Sybari (USA), G Data (Germany), Deerfield (USA), Alt-N (USA), Microworld (India) and BorderWare (Canada).
Kaspersky Lab's customers benefit from a wide range of additional services that ensure both stable operation of the company's products, and compliance with specific business requirements. Our databases are updated every hour. The company provides its customers with a 24-hour technical support service, which is available in several languages to accommodate its international clientele.
194 Kaspersky Mail Gateway 5.6