"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The following are examples of data that can be used to trigger CCL-based rules on the Sophos Email Appliance. Once you have created the sample rule, enter the data using the Policy Wizard, and then view the results in the quarantine and the mail log.
Each example recommends setting the quantity to "1". This ensures that the CCL is triggered. In practice, you may have to experiment with various custom settings to find the one that is right for your environment.
For more about implementing CCL-based rules, see the 'Data Control Deployment Guide' in the Email Appliance documentation.
One of the most common types of data to be leaked from an organization is credit card numbers. Use the sample number shown below to see how the appliance handles messages containing a valid credit card number.
Often, organizations want to prevent users from sending messages that contain social security numbers. Use the sample number shown below to see how the appliance handles messages containing valid social security numbers.
Organizations usually want to prevent users from sending messages that disclose the mailing addresses of people within the organization. Use the sample address shown below to see how the appliance handles messages containing valid mailing addresses.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.