I'm currently struggling to get the DLP detection in ClamAV to work.
I've linked my clamd.conf and sendmail.cf files for reference. It's
possible I don't really understand how the detection works so I'll
describe how I'm testing it.

Clamd.conf: http://www.bawcsa.org/~bgahl/clamd.conf
Sendmail.cf: http://www.bawcsa.org/~bgahl/sendmail.cf

First off, I've confirmed that ClamAV is, indeed, scanning email. When
I send the eicar.com file to a local account on the system, the email
gets rejected by ClamAV by:

a) sending an email to the sender indicating that a virus is detected.
b) offending email ends up in the ClamAV quarantine.

To test the DLP detection, I'm putting:

SSN: 555-55-5555

in the body of the test email when I send it. The target address of
the email is the machine that ClamAV is running on. I have, in fact,
put my actual SSN in the email as well. In either case, the email is
passed w/o detection.

Note that I have tested SSNs with and without hyphens. I've also tried
turning on both detection mechanisms as well as either one (as I'm not
sure the detection is either/or or both/and). Nothing seems to work.

Any direction would be greatly appreciated.