This is a very good question as it makes an important point. As ClamAV now states it has DLP functionality, doesn't that imply it will support the ability for sites to create their own rules - and by that I don't mean writing your own C code?
We've just finished a DLP evaluation recently, and all the other DLP vendors' products allow you to do things like "learn" from scanning directory structures what data to classify as "important" (like Intellectual Property). E.g. you scan a directory full of HR data and configure your DLP systems to squeal if it ever sees those files (or even subsections of those files) leaving your network. DLP products seem to be similar to AV in that they scan the files, create checksums of sections, and then apply some logic so that when they see "chunks" of data on the network that generate the same checksums, they jump-up-and-down (pretty scary to see your servers doing that ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
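The chunk-checksum matching described in the message above, sketched as an added example (not code from the post, from ClamAV, or from any DLP product). It assumes the "sections" are overlapping 8-word windows hashed with SHA-256; the function names, window size, hit threshold and sample text are all constructed for illustration.

```python
import hashlib
import re

SHINGLE_WORDS = 8  # assumed window size, chosen for this example only

def shingles(text, k=SHINGLE_WORDS):
    """Yield truncated SHA-256 digests of every k-word window of text."""
    # Normalise case and punctuation so re-flowed or re-quoted text still matches.
    words = re.findall(r"[a-z0-9]+", text.lower())
    for i in range(max(len(words) - k + 1, 0)):
        window = " ".join(words[i:i + k])
        yield hashlib.sha256(window.encode()).digest()[:8]

def learn(documents):
    """Build the index: window digest -> name of the protected document."""
    index = {}
    for name, text in documents.items():
        for digest in shingles(text):
            index.setdefault(digest, name)
    return index

def scan(index, outbound, min_hits=3):
    """Return {document: hits} for documents with >= min_hits matching windows."""
    hits = {}
    for digest in shingles(outbound):
        name = index.get(digest)
        if name is not None:
            hits[name] = hits.get(name, 0) + 1
    return {name: n for name, n in hits.items() if n >= min_hits}

# Constructed sample data standing in for a scanned HR directory.
PROTECTED = {
    "hr/salaries.txt": (
        "Confidential salary review for the engineering group. "
        "Alice Example moves from grade four to grade five effective the first "
        "of July with a base adjustment approved by the compensation committee."
    ),
}
INDEX = learn(PROTECTED)

# Constructed outbound messages: one quotes a subsection, one only shares a topic.
LEAK = ("Hi Bob, fyi: alice example moves from grade four to grade five "
        "effective the first of July, with a base adjustment. Keep it quiet!")
CLEAN = "Hi Bob, the salary review meeting moves to the first of July. See you there."

if __name__ == "__main__":
    print("leak :", scan(INDEX, LEAK))
    print("clean:", scan(INDEX, CLEAN))
```

Only the window digests need to be stored on the scanning host, so the index can be distributed without copying the protected files themselves.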
