
Data protection not working as expected.

I have had data protection and SPX working for a while now. I made a change and enabled the Social security numbers without separators [USA] as well as the standard Social security numbers [USA].

Configuration options are: Scan within attachments. Action on rule match is: Send with SPX encryption.

If I send an email with a fake SS number, it doesn't get blocked or encrypted. 

Also, does anyone know if there is a way to block an email message if it has [secure:<password>] in the subject but the encrypt button hasn't been clicked? We occasionally have users try to send encrypted messages and forget to click the encrypt button. I would like to block those. I've tried a custom expression but that won't work because the UTM doesn't appear to check to see if it's encrypted before blocking.  

  • The testing performed was insufficient to trigger the Data protection. Only a handful of social security numbers were used during testing. The default rules specify a minimum of 10 in order to trigger the rule.
    As to the second part of my question, Support informs me that it isn't possible.
  • The number necessary to trigger can be changed in the backend, but it is unsupported and would violate the Support Agreement for paid license users, so I won't tell you exactly where this can be done, but it's in an xml file called PredefinedContentControlLists.xml. For each rule, there's a "quantity defaultValue=". Not too hard to find buried in the chroot-smtp directory. Keep in mind:
    1) The above warning about your support going bye-bye.
    2) By lowering the quantity, especially to 1, you will be greatly increasing the likelihood of false positives, given the simplicity of the built-in regex used.
    3) Any Up2Date which patches the SMTP proxy will most likely overwrite the file, undoing your changes.

    I never quite understood the rationale behind setting the quantity numbers quite so high. With the example of SSN, if you are at a facility which is covered by HIPAA, if even one leaks out, you're hosed. When I was supporting the Sophos Email Appliance, which is where this came to UTM from, it was a major irritation to a lot of customers.

    You're much better off creating your own custom CCL, where you have total control of what it will find, and which will trigger on one instance. See www.sophos.com/.../117322.aspx. The other advantage of this is that Custom Rules through WebAdmin are completely supported and will survive Up2Date. :)
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Related to the above... do folks have any good compiled lists of regexes for common use-cases? Other than the few examples in the link above, of course.
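To illustrate the two points made in this thread (a quantity threshold of 10 means a single SSN never trips the rule, and a separator-less nine-digit pattern produces false positives), here is an added Python example that is not Sophos code and not from any post above. The regexes and the SSA plausibility checks (area never 000, 666 or 900-999; group never 00; serial never 0000) are my own assumptions about what a custom CCL might contain, not the UTM's built-in patterns.

```python
import re

# Assumed patterns for the two rule types discussed in the thread: SSN with
# separators ("123-45-6789") and SSN without separators ("123456789").
SSN_WITH_SEPARATORS = re.compile(r"\b(\d{3})[- ](\d{2})[- ](\d{4})\b")
SSN_NO_SEPARATORS = re.compile(r"\b(\d{3})(\d{2})(\d{4})\b")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values the SSA never issues; this trims the false positives
    that a bare nine-digit regex (order numbers, tracking ids) produces."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def count_ssns(text: str, strict: bool = False) -> int:
    """Count SSN candidates in a message body or extracted attachment text.
    strict=True applies the plausibility check to each candidate."""
    n = 0
    for pattern in (SSN_WITH_SEPARATORS, SSN_NO_SEPARATORS):
        for m in pattern.finditer(text):
            if not strict or is_plausible_ssn(*m.groups()):
                n += 1
    return n


def rule_matches(text: str, quantity: int = 10, strict: bool = False) -> bool:
    """Model of the rule trigger: the thread says the default quantity is 10;
    a custom CCL can use quantity=1."""
    return count_ssns(text, strict) >= quantity


# Constructed sample: one real-looking SSN plus a nine-digit order reference.
SAMPLE = "Patient SSN 123-45-6789, order ref 987654321."

if __name__ == "__main__":
    print("loose count:", count_ssns(SAMPLE))            # 2 (order ref counted)
    print("strict count:", count_ssns(SAMPLE, True))     # 1
    print("default rule fires:", rule_matches(SAMPLE))   # False, quantity 10
    print("custom rule fires:", rule_matches(SAMPLE, 1, True))  # True
```

With the default quantity the single SSN in the sample is ignored, which matches the original poster's observation; with quantity 1 the loose pattern also counts the order reference, which is the false-positive risk the reply warns about.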