Research

Technology

There are different techniques used by security softwares against spam .
The methods introduced in this section are built into the VirusBuster spam filter applications. These products include effective technologies, up-to-date spam filter solutions.

There are two methods for scanning incoming mail to recognize if they are spam or not. On the one hand the mail's source and type is concluded from the address of the sender (Black/White lists, RBL), on the other hand the mail's content and architecture is checked (pattern searching, heuristic and statistical methods).

Filtering by sender's address

Black list
Greatest part of spam comes from the same adresses. Generally, the recognised address of the computer from which spammers have sent their mail is a harmless machine's address stolen by spammers. If you deny receiving mails sent from that address then you can help the utilized location to revise its configuration to reduce the general spam risk. The most simple way of the spam filter's configuration is that you make a list enumerating the denied addresses. This is the black list that requires manual maintenance from you continuously.

White list
If you decide not to accept mails sent by unknown locations, you can compose a mailing list including the address of your own correspondent partners and the filtering mechanism rejects all mail coming from an unknown sender. This list is called White list. The unknown sender will be informed by the rejected mail about the way he can get into the White list or what he can do (e.g. make a new address) to be able to send mail to the recipient.

RBL (Realtime Blackhole List)
The RBL list contains IP addresses from which - directly or indirectly - spam was sent. These lists are accessible on the Internet and maintained continuously. Before the server receives a mail it tries to find the IP address of the sender on these lists. If it is there, the mail will be rejected.

Filtering by content and architecture

Bayes method
VirusBuster uses in its products content filtering based on statistical method which provides one of the best performance for spam filtering. It analyses received mails, divides them using their attributes (used words, mail body's construction) based on the thousand and thousand spam and normal mail features stored in the spam database. This method is effective; the database could be updated continuously providing up-to-date, customisable protection. Additionally, users are able to "teach" the spam database with their own mails, resources.
It is true that all the spam filters may sometimes declare some normal mail as spam (based on their features) even if they are not. But this little inconvenience can be still better tolerable than to be lost in spam heaps.

Increasing efficiency

It is possible to increase the recognition ratio of the spam filter that works based on statistical methods by collecting lots of spam and normal mails and making custom spam database out of them. Briefly, you can make your own spam database for your own environment. Then it works together with VirusBuster's database providing more effective spam recognition. Using this method, the spam features occurring in the system will be "memorized" step by step to provide more effective spam filtering and to reduce the false positives.

The spam database includes the features of the spam and normal mails. The system scans and ranks the incoming e-mails (spam, normal mail) based on the database . If you begin to make custom spam database, the most important task is to gather a lot of sample mails which will be the base of the database. These must be selected with care. We can say, that you should collect more normal mail than spam. It is because the variety of the text in spamis much less than in normal mails.

Sending sample mail

There are two index-number to determine the reliability of the spam filters. The ratio of the spam recognition and the false positives. This index-number depends on the samples used for the database. The efficiency of the statistical filter method is the best among the different ones. The ratio of the false positives is about 0.1% and the recognition ratio can be just 99%.

VirusBuster's spam filtering is based on the statistical method where the characters and features of several e-mails are collected, from which the filter determines the type of an incoming e-mail. So, the more e-mails are collected, the more effectiveness can be reached.

We expect SPAM mails IN THEIR ORIGINAL FORM! to the spam@virusbuster.hu address to expand our database and make SPAM filtering more effective.

In that case when the e-mail is ranged among spam, but it is not spam really (in case of FALSE POSITIVE) you should send it IN ITS ORIGINAL FORM! to the spamlab@virusbuster.hu address.

Attention!
We expect the SPAM and FALSE POSITIVE mails IN THEIR ORIGINAL FORM which means that they can be packed and attached to or inserted into your e-mail, but don't use the forwarding method.