[AMaViS-user] Using amavis-new for compliance?

This is a discussion on [AMaViS-user] Using amavis-new for compliance? within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category; Hi Has anyone shoehorned amavis-new to do compliance policy such as required for HIPAA? By this I mean detecting ...


Go Back   Usenet Forums > Anti-Spam and Anti-Virus Related Forums > Amavis User

Reload this Page [AMaViS-user] Using amavis-new for compliance?

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 05-03-2007
Jeremy Laidman
 
Posts: n/a
Default [AMaViS-user] Using amavis-new for compliance?
Hi

Has anyone shoehorned amavis-new to do compliance policy such as required for
HIPAA? By this I mean detecting keywords within a message that suggest
leakage of personal information (medical records, social security numbers and
the like).

I'm not trying to do HIPAA compliance, but something that's probably similar,
and probably also similar to quarantining based on offensive words list. What
I'm actually trying to do is reject/ban/quarantine a message based on the
message attributes of envelope sender, envelope recipient, subject and a
particular X-header.

The reason for this is to enforce compliance for protective security markings
(PSM) as now required by the Australian Government. For certain recipient
domains in the .gov.au space, messages marked at a moderate security level
(IN-CONFIDENCE) are to be permitted, but those marked above that level (such
as PROTECTED) are to be rejected/quarantined. Messages marked at
IN-CONFIDENCE but going to non .gov.au domains are to be rejected/quarantined.

I've implemented something that seems quite a hack, but seems to work OK.
I've defined my own AV scanner that is actually an anonymous sub that
implements my policy, making use of the global $Amavis::MSGINFO, and returning
my own "virus" name called "PSM". I then adjust the notification templates to
show a different message when the virus name is "PSM" so that instead of
saying "you sent a virus" it says "you sent an email that breached PSM
requirements".

It makes more sense to me to treat these breaches like banned content.
However it's easier to hook into the @av_scanners list than to hack the "file"
executable and try to match some bogus mime type. I'm using v2.4.3, and I
haven't looked closely at the hook features in v2.5 so not sure if they'll do
what I need.

Any guidance or experience from others who have done something similar would
be most helpful.

Cheers
Jeremy

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 03:28 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0