On 29/05/13 04:02, Salvatore Toribio wrote: > Hi Kunal > > Sorry, no.
Not quite true :-). >From the home page http://qmail-scanner.sf.net/ If an organization is using clamav, Qmail-Scanner can be directly used for Data Loss Prevention (DLP). Localized clamav signature rules can be written that enable Qmail-Scanner to detect and block emails that clamav detects as "malware". A bit of a misuse perhaps - but clamav's built-in support for archival formats and understanding of document types makes it perfect in this role. If you want Qmail-Scanner to log but not block such DLP "hits" (perhaps because the false positive rates are too high to go with full block-mode), then Qmail-Scanner has a "dlp-monitor" option which tells it which regex of normally quarantinable events are in fact to be let past (i.e. without blocking). It will archive a copy of such messages, and the logging will reflect this was a "DLP:" event. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
