Hello,

The DLP module doesn't seem to be working for me. I was wondering if anyone
is using it and has run into the same problem. When I send email with
embedded SSNs or a Word document with SSNs embedded, the email is
scanned and sent on its way to the receiver of the email and is not
quarantined, bounced or dropped. The maillog file reports the email as
clean. In my clamd.conf file I have the following:

# Enable the DLP module
# Default: No
StructuredDataDetection yes

# This option sets the lowest number of Credit Card numbers found in a file
# to generate a detect.
# Default: 3
# StructuredMinCreditCardCount 5

# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
StructuredMinSSNCount 2

# With this option enabled the DLP module will search for valid
# SSNs formatted as xxx-yy-zzzz
# Default: yes
StructuredSSNFormatNormal yes

# With this option enabled the DLP module will search for valid
# SSNs formatted as xxxyyzzzz
# Default: no
StructuredSSNFormatStripped yes

I am using Postfix-Amavisd-ClamAV on a RHEL operating system. The maillog
file reports no errors. When clamd starts up the clamd.log file reports the
following:

Wed Mar  4 05:47:47 2009 -> +++ Started at Wed Mar  4 05:47:47 2009
Wed Mar  4 05:47:47 2009 -> clamd daemon 0.94.2 (OS: linux-gnu, ARCH: i386, CPU: i386)
Wed Mar  4 05:47:47 2009 -> Running as user amavis (UID 101, GID 104)
Wed Mar  4 05:47:47 2009 -> Log file size limit disabled.
Wed Mar  4 05:47:47 2009 -> Reading databases from /var/clamav
Wed Mar  4 05:47:47 2009 -> Not loading PUA signatures.
Wed Mar  4 05:47:48 2009 -> Loaded 514122 signatures.
Wed Mar  4 05:47:48 2009 -> TCP: Bound to address 127.0.0.1 on port 3310
Wed Mar  4 05:47:48 2009 -> TCP: Setting connection queue length to 30
Wed Mar  4 05:47:48 2009 -> Limits: Global size limit set to 104857600 bytes.
Wed Mar  4 05:47:48 2009 -> Limits: File size limit set to 26214400 bytes.
Wed Mar  4 05:47:48 2009 -> Limits: Recursion level limit set to 16.
Wed Mar  4 05:47:48 2009 -> Limits: Files limit set to 10000.
Wed Mar  4 05:47:48 2009 -> Archive support enabled.
Wed Mar  4 05:47:48 2009 -> Algorithmic detection enabled.
Wed Mar  4 05:47:48 2009 -> Portable Executable support enabled.
Wed Mar  4 05:47:48 2009 -> ELF support enabled.
Wed Mar  4 05:47:48 2009 -> Detection of broken executables enabled.
Wed Mar  4 05:47:48 2009 -> Mail files support enabled.
Wed Mar  4 05:47:48 2009 -> OLE2 support enabled.
Wed Mar  4 05:47:48 2009 -> PDF support enabled.
Wed Mar  4 05:47:48 2009 -> HTML support enabled.
Wed Mar  4 05:47:48 2009 -> Structured: Minimum Credit Card Number Count set to 3
Wed Mar  4 05:47:48 2009 -> Structured: Minimum Social Security Number Count set to 2
Wed Mar  4 05:47:48 2009 -> Self checking every 1800 seconds.

I have read all the documentation I can find and generally the documentation
says to enable it in the clamd.conf file (simple enough it seems). So I
assume I have things set correctly. I even did the following:

 strings /usr/lib/libclamav.so.5.0.4 | grep dlp

xn--jxalpdlp
dlp_is_valid_ssn: SSN_%s: %s
dlp_is_valid_cc: AMEX (%s)
dlp_is_valid_cc: VISA [1] (%s)
dlp_is_valid_cc: Diners Club [1] (%s)
dlp_is_valid_cc: Diners Club [2] (%s)
dlp_is_valid_cc: JCB [1] (%s)
dlp_is_valid_cc: JCB [2] (%s)
dlp_is_valid_cc: VISA [2] (%s)
dlp_is_valid_cc: MASTERCARD (%s)
dlp_is_valid_cc: Discover (%s)

and found that it appears to be compiled into the libclamav file. I am
running the latest stable version of ClamAV 0.94.2.

Any hints or ideas on why it's not working? Thanks for any help or hints to
get this working.
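
A way to confirm that the running clamd loaded the Structured* values from clamd.conf, as an added example that is not part of the original post or of ClamAV: it compares the file's effective directives with the "Structured:" startup lines in clamd.log. The function names and the embedded excerpts are assumptions made for illustration; the defaults are the ones given in the quoted config comments.

```python
import re

# Defaults as stated in the clamd.conf comments quoted in the post.
DEFAULTS = {
    "StructuredDataDetection": "no",
    "StructuredMinCreditCardCount": "3",
    "StructuredMinSSNCount": "3",
    "StructuredSSNFormatNormal": "yes",
    "StructuredSSNFormatStripped": "no",
}
# Startup log phrases from the post, mapped to the directive each reports.
LOG_LABELS = {
    "Minimum Credit Card Number Count": "StructuredMinCreditCardCount",
    "Minimum Social Security Number Count": "StructuredMinSSNCount",
}
# Excerpts taken from the post (log lines wrapped as they arrived in the mail).
CONF = """StructuredDataDetection yes
# StructuredMinCreditCardCount 5
StructuredMinSSNCount 2
StructuredSSNFormatStripped yes
"""
LOG = """Wed Mar  4 05:47:48 2009 -> HTML support enabled.
Wed Mar  4 05:47:48 2009 -> Structured: Minimum Credit Card Number Count set
to 3
Wed Mar  4 05:47:48 2009 -> Structured: Minimum Social Security Number Count
set to 2
"""

def effective_config(conf_text):
    """Return Structured* settings; commented-out lines fall back to defaults."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] in DEFAULTS:
            settings[parts[0]] = parts[1].strip().lower()
    return settings

def logged_values(log_text):
    """Values clamd reported at startup, after rejoining mail-wrapped lines."""
    stamp = r"[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d "
    joined = re.sub(r"\n(?!" + stamp + ")", " ", log_text)
    pairs = re.findall(r"Structured: (.+?) set to (\d+)", joined)
    return {LOG_LABELS[k]: v for k, v in pairs if k in LOG_LABELS}

def mismatches(conf_text, log_text):
    """Directives where the daemon's logged value differs from the file."""
    want, got = effective_config(conf_text), logged_values(log_text)
    return {k: (want[k], v) for k, v in got.items() if want[k] != v}
```

An empty result from `mismatches(CONF, LOG)` means the daemon is running with the thresholds in the file, so a stale configuration can be ruled out; the log in the post reports only the two count thresholds, not the SSN format switches.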