On Fri, Nov 14, 2008 at 11:40 AM, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > On Fri, 14 Nov 2008 11:27:41 -0800 > "Bob Gahl" <[EMAIL PROTECTED]> wrote: > >> I'm current struggling to get the DLP detection in ClamAV to work. >> I've linked my clamd.conf and sendmail.cf files for reference. It's >> possible I don't really understand how the detection works so I'll >> describe how I'm testing it. >> >> Clamd.conf: http://www.bawcsa.org/~bgahl/clamd.conf >> Sendmail.cf: http://www.bawcsa.org/~bgahl/sendmail.cf >> >> First off, I've confirmed that ClamAV is, indeed, scanning email. When >> I send the eicar.com file to a local account on the system, the email >> gets rejected by ClamAV by: >> >> a) sending an email to the sender indicating that a virus is detected. >> b) offending email ends up in the ClamAV quarantine. >> >> To test the DLP detection, I'm putting: >> >> SSN: 555-55-5555 >> >> in the body of the test email when I send it. The target address of >> the email is the machine that ClamAV is running on. I have, in fact, >> put my actual SSN in the email as well. In either case, the email is >> passed w/o detection. >> >> Note that I have tested SSNs with and without hyphens. I've also tried >> turning on both detection mechanisms as well as either one (as I'm not >> sure the detection is either/or or both/and. Nothing seems to work. >> >> Any direction would be greatly appreciated. > > Bob, > > please have a look at StructuredMinSSNCount in clamd.conf.
This is what I've got: # This option sets the lowest number of Credit Card numbers found in a file # to generate a detect. # Default: 3 StructuredMinCreditCardCount 1 # This option sets the lowest number of Social Security Numbers found # in a file to generate a detect. # Default: 3 StructuredMinSSNCount 1 I thought for a singular xmission (more appropriate to our environment than a massive disclosure), setting these both to 1 would be appropriate (unless I misunderstand their intent as well). _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
