Email processing algorithm

July 4, 2024

ID 42881

The application processes email messages according to the following algorithm:

  1. The Scan Logic message scanning control module determines which message processing rules apply to a message based on the combination of the sender and recipient addresses, and chooses the rule with the highest priority. If no rule is found for the address pair, the application processes the message in accordance with the Default rule.
  2. If the message is addressed to several recipients whose addresses belong to different rules, several virtual copies of the message are created in accordance with the number of rules. Each copy of the message is processed as per the rule assigned to the address of the recipient.
  3. The further actions taken by the application depend on the settings of the selected message processing rule.
    • If the rule specifies that messages are to be scanned for spam, the Scan Logic module forwards the email message to Anti-Spam engine for scanning.

      The Anti-Spam engine scans the message and assigns one of the spam scan status labels to it. Information about the status assigned is contained in the special information X-header X-KLMS-AntiSpam-Status, which Scan Logic adds to the message after it is processed. Based on the results of message scanning, the Scan Logic module also adds a status tag at the beginning of the message subject.

    • If the rule specifies that messages are to be scanned for phishing threats, the Scan Logic module forwards the email message to the Anti-Phishing engine for scanning.

      The Anti-Phishing engine scans the message and assigns one of the phishing scan status labels to it. Information about the status assigned is contained in the special information X-header X-KLMS-AntiPhishing, which Scan Logic adds to the message after it is processed. Based on the results of message scanning, the Scan Logic module also adds a status tag at the beginning of the message subject.

    • If the rule specifies that messages are to be filtered for content, the Scan Logic module performs content filtering of the message by size, name, and format of attachments.

      As a result of content filtering, Scan Logic assigns one of the following content filtering status labels to messages:

    • If the rule settings define a virus scan of messages, the Scan Logic module forwards the email message to the Anti-Virus engine for scanning.

      The email format analyzer (MIME, RFC2822, UUE) built into the Anti-Virus engine parses the individual objects of the message: body, attachments, and others. Every object received is sent to Anti-Virus engine for scanning.

      Anti-Virus first scans messages as one object and then one message part at a time and assigns one of the anti-virus scan status labels to the message. Based on the results of message scanning, the Scan Logic module adds a status tag at the beginning of the message subject.

  4. Depending on the status assigned to messages, the application processes them in accordance with the message processing rule settings.
');
Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
');
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).