Re: [AMaViS-user] Using amavis-new for compliance?
This is a discussion on Re: [AMaViS-user] Using amavis-new for compliance? within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category; On Fri, May 04, 2007 at 09:20:32AM +1000, Jeremy Laidman wrote: > mouss wrote: > > does compliance ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-04-2007
|
|||
|
|||
Re: [AMaViS-user] Using amavis-new for compliance?
On Fri, May 04, 2007 at 09:20:32AM +1000, Jeremy Laidman wrote:
> mouss wrote: > > does compliance require blocking "bad" mail or just noticing it? If > > blocking is not required, there is no point in doing the check "online". > > Blocking is required. .... > > for instance, if > > the message is in HTML, you'd need to search the "raw" message as well > > as "sanitized/simplified" variants. mime parts must be searched before > > and after decoding, ... etc. > > I concede that base64-encoded parts step-up the level of work required. I > hadn't considered that. I'm not so concerned about HTML emails because in > most cases the words will still be present. There are some cases of escaping > which can be worked around. > > > note that there are two different problems here: > > - help people when they send a confidential document to the wrong > > recipient. > > - block bad guys trying to disclose sensitive info. This is a complex > > problem. > > This is insightful, thanks. I was thinking that it's much the same problem. > In my case I want to do the first of these. You can probably leverage some of this by having an amavisd install for outbound mail with a "special" SpamAssassin instance, as SA already has to have facilities for decoding Base64, dealing with character entity HTML encodings, etc. If you write all your info detection and blocking process in terms of SA rules, you might be able to do a reasonable job of getting this off the ground. OTOH, if you are dealing with accidental disclosure of privileged information, it's very likely that you'd be dealing with an internal Office document or PDF file accidentally emailed to the wrong recipient, and as far as I know SA won't really help you with that. It's a tough problem, even if you know what keywords you're looking for. Just some general musings, -- Clifton -- Clifton Royston -- cliftonr@iandicomputing.com / cliftonr@lava.net President - I and I Computing * http://www.iandicomputing.com/ Custom programming, network design, systems and network consulting services ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/...fo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ 
|
Linear Mode
