Vaderetro Anti-Spam Plug-In

Vaderetro is a plug-in used in Dr.Web for UNIX mail servers. It filters out spam using the VadeRetro library, designed by Vade Retro Technology (a division of GoTo Software).

The VadeRetro library analyzes mail autonomously, without querying external sources for additional information on spam. The library also provides high processing speed and continually improving message analysis, which is made possible by dynamic updates of the library code (through the Dr.Web Updater component).

The VadeRetro dynamic library file used by the Vaderetro anti-spam plug-in is located in the %var_dir/lib directory and is named libvaderetro.so, the same name as the plug-in's own dynamic library file. Note that although both files (the VadeRetro library and the Vaderetro plug-in) have the same name, they are different libraries. The Vaderetro plug-in dynamic library file is located in the %bin_dir/maild/plugins directory.

Warning: On startup, Dr.Web MailD temporarily renames the VadeRetro library file by adding a .cache extension to the file name. This avoids an update conflict when the VadeRetro library is updated through the Dr.Web Updater component.

Depending on the analysis results, each message processed by the VadeRetro library receives a score: an integer in the range from -10000 to +10000. The lower the value, the higher the probability that the message is not spam. The threshold that determines whether a message is classified as spam is defined by the SpamThreshold parameter in the vaderetro configuration file. If the score given to a message is higher than or equal to the SpamThreshold parameter value, the message is classified as spam.

At the final stage of analysis, the VadeRetro library can add the following headers to the message:

X-Drweb-SpamScore: n, where n is the score that VadeRetro assigns to a message. The header is added only if the AddXHeaders parameter value is set to Yes.

X-Drweb-SpamState: b, where b is Yes for spam and infected messages and No for non-spam messages and DSN. The header is added only if the AddXHeaders parameter value is set to Yes.

X-Drweb-SpamState-Num: s, where s is a message classification result; s can take the following values: 0, 1, 2 and 3.

s = 0 – this message is not spam;

s = 1 – this message is spam;

s = 2 – this message contains a virus;

s = 3 – this message is a DSN.

This header is added only if Yes is specified for the AddXDrwebSpamStateNumHeader parameter of the vaderetro configuration file.

X-Drweb-SpamVersion: version, where version is the version of the VadeRetro library. This header is added only if Yes is specified for the AddVersionHeader parameter of the Vaderetro configuration file.

X-Spam-Level: z, where z is a string of "*" characters (each of them corresponds to 10 score points assigned to the message). This header is added only if Yes is specified for the AddXSpamLevel parameter of the Vaderetro configuration file.

X-DrWeb-SpamReason: some_text, where some_text is an encoded diagnostic message from the anti-spam module. It is needed to improve the quality of spam detection. This header is added only when the AddXHeaders parameter for this message is set to yes.
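A downstream consumer of these headers (a delivery agent or a log pipeline) can parse them and cross-check them against each other before acting on the verdict. The following is an added example, not Dr.Web code; the function name read_verdict, the sample message and the decision to reject any verdict header that occurs more than once are assumptions of this example.

```python
from email import message_from_string

# Meaning of the X-Drweb-SpamState-Num values, as listed above.
STATE_NUM = {0: "not spam", 1: "spam", 2: "virus", 3: "DSN"}
# X-Drweb-SpamState is Yes for spam and infected mail, No for non-spam and DSN.
EXPECTED_STATE = {0: "no", 1: "yes", 2: "yes", 3: "no"}
# Constructed sample message, not real traffic: score 150, 15 stars.
SAMPLE = ("Subject: test\nX-Drweb-SpamScore: 150\nX-Drweb-SpamState: Yes\n"
          "X-Drweb-SpamState-Num: 1\nX-Spam-Level: " + "*" * 15 + "\n\nbody\n")

def read_verdict(raw_message):
    """Return the verdict headers of one message plus a list of anomalies."""
    msg = message_from_string(raw_message)
    anomalies = []

    def single(name):
        # A header present more than once cannot be attributed to the
        # filter with certainty, so it is reported and not used.
        values = msg.get_all(name, [])
        if len(values) > 1:
            anomalies.append(f"duplicate {name}")
            return None
        return values[0].strip() if values else None

    def as_int(name, low, high):
        text = single(name)
        if text is None:
            return None
        try:
            value = int(text)
        except ValueError:
            value = None
        if value is None or not low <= value <= high:
            anomalies.append(f"invalid {name}: {text!r}")
            return None
        return value

    score = as_int("X-Drweb-SpamScore", -10000, 10000)
    num = as_int("X-Drweb-SpamState-Num", 0, 3)
    state = single("X-Drweb-SpamState")
    level = single("X-Spam-Level")
    if state is not None and state.lower() not in ("yes", "no"):
        anomalies.append(f"invalid X-Drweb-SpamState: {state!r}")
    elif state is not None and num is not None and state.lower() != EXPECTED_STATE[num]:
        anomalies.append("X-Drweb-SpamState disagrees with X-Drweb-SpamState-Num")
    if level is not None and level.strip("*"):
        anomalies.append("X-Spam-Level contains characters other than '*'")
    return {"score": score, "state": state, "classification": STATE_NUM.get(num),
            "level_points": None if level is None else 10 * level.count("*"),
            "anomalies": anomalies}
```

A non-empty anomalies list means the headers should not be used for an automated decision on that message.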

Moreover, if a message is classified as spam because its score is equal to or less than the Threshold value, the Vaderetro plug-in can add the text specified as the SubjectPrefix parameter value in the Vaderetro configuration file to the message subject. The text is added only if the SubjectPrefix parameter value is not an empty string.

Similarly, the NotifySubjectPrefix parameter value can be added to the beginning of the Subject field of a notification.

If a message was marked as unconditional spam according to the UnconditionalSpamThreshold parameter, the value of the UnconditionalSubjectPrefix parameter is added to the beginning of the Subject field of this message.

A message score can change depending on the information on the sender and recipient addresses:

1. You can specify white and black lists of senders' addresses (the WhiteList and BlackList configuration parameters respectively). If one of the senders' addresses is in the black or white list, the message score is changed by 5000 points (increased or decreased respectively) for every address found in the list. For details, refer to the description of the parameters.

2. You can specify the number of points by which to change the score of a message from protected networks (that is, networks specified in the ProtectedNetworks parameter of the [Maild] section in the main Dr.Web MailD configuration file).

3. You can also use the special reply_cache cache, which stores information on messages from protected networks (the list of recipient addresses) so that this information can be taken into account when analyzing messages that are sent to the protected networks in reply to those messages. If the message sender is already cached, the message score can be changed by the specified number of points.

Note that a message undergoes all checks in succession, so if several conditions are true for the same message, all changes are summed. For example, if a message sender is in the black list and the sender is in the reply_cache, the message score is increased by the penalty for the sender being in the black list and then by the value specified in the ReplyToProtectedNetworkScoreAdd parameter of the plug-in configuration.

Messages which were mistakenly marked as spam should be sent to vrnonspam@drweb.com. Spam messages, accidentally passed by the spam filter, should be sent to vrspam@drweb.com.