Jason, Thanks for the feedback, I've opened up the following bugs as possible enhancements for a future release.
1321 1322 If you have any other data pertaining to your evaluation; what worked, what didn't, what the software/device really should have done. I'd love to hear it to help improve this part of ClamAv. Feel free to contact me off list if that data isn't something you want to share on list. Cheers, -matt On Wed, Dec 17, 2008 at 1:42 PM, Jason Haar <[email protected]>wrote: > This is a very good question as it makes an important point. As ClamAV > now states it has DLP functionality, doesn't that imply it will support > the ability to sites to create their own rules - and by that I don't > mean writing your own C code. > > We've just finished a DLP evaluation recently, and all the other DLP > vendors products allow you to do things like "learn" from scanning > directory structures what data to classify as "important" (like > Intellectual Property). e.g. you scan a directory full of HR data and > configure your DLP systems to squeal if it ever sees those files (or > even subsections of those files) leaving your network. > > DLP products seem to be similar to AV in that they scan the files, > create checksums of sections, and then apply some logic so that when > they see "chunks" of data on the network that generate the same > checksums, they jump-up-and-down (pretty scary to see your servers doing > that ;-) > > -- > Cheers > > Jason Haar > Information Security Manager, Trimble Navigation Ltd. > Phone: +64 3 9635 377 Fax: +64 3 9635 417 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > -- Matthew Watchinski Sr. Director Vulnerability Research Team (VRT) Sourcefire, Inc. Office: 410-423-1928 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
