On Fri, 14 Nov 2008 11:27:41 -0800 "Bob Gahl" <[EMAIL PROTECTED]> wrote:
> I'm current struggling to get the DLP detection in ClamAV to work. > I've linked my clamd.conf and sendmail.cf files for reference. It's > possible I don't really understand how the detection works so I'll > describe how I'm testing it. > > Clamd.conf: http://www.bawcsa.org/~bgahl/clamd.conf > Sendmail.cf: http://www.bawcsa.org/~bgahl/sendmail.cf > > First off, I've confirmed that ClamAV is, indeed, scanning email. When > I send the eicar.com file to a local account on the system, the email > gets rejected by ClamAV by: > > a) sending an email to the sender indicating that a virus is detected. > b) offending email ends up in the ClamAV quarantine. > > To test the DLP detection, I'm putting: > > SSN: 555-55-5555 > > in the body of the test email when I send it. The target address of > the email is the machine that ClamAV is running on. I have, in fact, > put my actual SSN in the email as well. In either case, the email is > passed w/o detection. > > Note that I have tested SSNs with and without hyphens. I've also tried > turning on both detection mechanisms as well as either one (as I'm not > sure the detection is either/or or both/and. Nothing seems to work. > > Any direction would be greatly appreciated. Bob, please have a look at StructuredMinSSNCount in clamd.conf. HTH, -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Nov 14 20:35:55 CET 2008 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
