Crapola: The Daily Rubbish

Tuesday, March 25, 2008

Kaspersky Anti-Spam Module (KAV 6), Outlook. Ouch


Well, it's another installment of software "gotchas" experience that I'm sharing to hopefully help others.

  1. Product: Kaspersky Anti-Virus 6.0 for Windows Workstations (v. 6.x)
  2. License type: Business/Commercial - simply means we have multiple licenses for our offices
  3. Specific issue: Anti-Spam Module = Lost / disappearing email
  4. Crapola meter: Utter Crapola (utter trash), out of the box

Please note the qualifying phrase "out of the box", it matters. You can reconfigure things later (of course), but likely after losing important business email. In other words, you'll likely reconfigure after realizing a horrific situation. Here's why/how it can happen, and hopefully you can avoid it:

KAV 6 for Windows Workstations is actually a powerful product. It has its annoying characteristics, and has its share of cryptic messages that can make even an IT pro go "huh?". Unfortunately, this case goes beyond annoying behavior, it has graduated to damage in the form of lost business email.

Included in this suite of security modules is an Anti-Spam module. It integrates with Outlook (tested in our environment with Outlook 2000 and 2003). Installation itself is quick, easy and straightforward. You can choose which modules to install with the usual "Custom" installation option. Integration of the Anti-Spam module is problem free. That's where the honeymoon ends.

Upon starting Outlook, you'll get a pop up window showing you headers of email you are about to download (it's called the Mail Dispatcher). You can select items to delete - aka not download. If this feature becomes too annoying, you can even turn it off. A really cool feature. It is, until you realize that another "routine" will run on the items you didn't mark for deletion. In other words, its Anti-Spam "intelligence" will still run on the email you cleared (didn't delete).

On the surface this is the right thing to do. After all, it was just a header you previewed. You didn't really see the content of the email. BUT, the big problem is that one of the tests is based on a word/phrase list. If any of these words/phrases are in the email, it is BLOCKED. In reality, it's really "deleted". It's not marked as SPAM. Therefore, you cannot recover it.

And just what are some of the default words/phrases in this list based on "the extensive experience" of Kaspersky (asterisks mean anything before or after the word)?
  • * product *
  • * customer *
  • * sale *
  • * purchase *
  • * price *
  • * receipt *

...and so on. ARE YOU KIDDING ME? This is the "block list" for business?!! Hey "experienced" Kaspersky personnel, you may be good at anti-virus, but you have a TON to learn about Spam/UCE. This is an outrageous list that speaks "cluelessness" in this space!

If you're in disbelief, here's a screen shot of this "feature" (bottom panel, Blocked phrases):



"Call this customer...", "...update our product price..." All these emails are GONE, not in some Spam folder, no review, they're gone...that's what BLOCKED means. I wonder what type of business Kaspersky personnel had in mind that didn't use these words in standard communication internally, with vendors, business partners, etc.

Enough, this is stupid...fine FUBAR is more appropriate actually. Go ahead, scream WTF! That's appropriate too.

As you can see, you can turn this off by unchecking the "Blocked Phrases" box. It's that easy. And if you want to gamble on this with your own "experience" at spam detection, you can go through the list and uncheck as you please, add words/phrases, etc. I wouldn't recommend it though...an outfit like Kaspersky obviously doesn't, you're probably better off with Outlook's own Junk Mail detection....it's not perfect, but at least it doesn't make your email disappear!

That easy, right? Well yes and no. Here's the catch: if you don't want to lose email, uncheck/modify/disable this feature BEFORE you start Outlook. Otherwise, it's too late. You are almost guaranteed to lose email - I mean just read the sample I gave for the default/built-in block list!

How do you get to that window?
  1. Double-click the red "V" (I know it's a "K", for Kaspersky, but well, what can I say, it looks more like a "V") icon in your system tray,
  2. click "Settings" on the top of the Kaspersky window that pops up,
  3. click Anti-Spam on the left pane, select "Customize" in the Sensitivity section on the right panel,
  4. and finally, click on the Blacklist tab
  5. Uncheck as needed

In reality we have email security gateways deployed. So installing this module was our test at securing the "endpoint" - re: whatever isn't caught by the gateway will have to go through another test at the desktop level. Well, that was the plan, and as you may have guessed, that too has been trashed. We explicitly choose NOT to install the anti-spam module of Kaspersky.

Note to Kaspersky:
There's one thing a lot worse than receiving SPAM. It's losing email. In case you haven't heard the term, it's called "false positive". It's OK to be imperfect - nothing is perfect, but your design is faulty. If you know you're imperfect, you have to allow recovery in some form. That's the mark of any true experienced provider of email security solutions.
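
An added example (not part of the original post, and not Kaspersky's code): a small Python audit that runs the default blocked phrases quoted above over known-good mail to measure false positives before such a filter is switched on, and holds matches in a quarantine list instead of deleting them. The matching rule (asterisks stripped, whole-word, case-insensitive), the function names and the sample messages are assumptions made for illustration.

```python
import re

# Default blocked phrases quoted in the post (Blacklist tab, "Blocked phrases").
DEFAULT_BLOCKED = ["* product *", "* customer *", "* sale *",
                   "* purchase *", "* price *", "* receipt *"]

# Constructed sample of legitimate business mail (not real messages).
KNOWN_GOOD = [
    "Call this customer back before noon",
    "Please update our product price list",
    "Receipt attached for last week's purchase",
    "Lunch on Friday?",
]

def compile_phrase(pattern):
    # Assumption: '*' means "anything before or after", so the core word
    # matches anywhere in the text as a whole word, case-insensitively.
    core = pattern.strip("* ")
    return re.compile(r"\b" + re.escape(core) + r"\b", re.IGNORECASE)

def matched_phrases(text, patterns=DEFAULT_BLOCKED):
    return [p for p in patterns if compile_phrase(p).search(text)]

def audit(known_good, patterns=DEFAULT_BLOCKED):
    """Return (hits per phrase, fraction of legitimate mail that would be blocked)."""
    hits = {p: 0 for p in patterns}
    blocked = 0
    for msg in known_good:
        found = matched_phrases(msg, patterns)
        for p in found:
            hits[p] += 1
        blocked += bool(found)
    return hits, blocked / len(known_good)

def deliver(msg, inbox, quarantine, patterns=DEFAULT_BLOCKED):
    """Recoverable disposition: a match is held for review, never deleted."""
    found = matched_phrases(msg, patterns)
    (quarantine if found else inbox).append(msg)
    return found

if __name__ == "__main__":
    hits, rate = audit(KNOWN_GOOD)
    print(f"{rate:.0%} of known-good mail would be blocked")
    for phrase, count in hits.items():
        print(f"  {phrase!r}: {count}")
```

Run `audit` over a mailbox export of mail you know is legitimate; any phrase with a non-zero count is one to uncheck before Outlook is started with the module active.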

1 Comments:

  • Thanks this was useful!

    By Anonymous Anonymous, at 3:06 PM  
