Hi,
maybe we (5 IT guys) didn't read the documentation on DLP correctly.
Is it intended that capital letters in regex are ignored?
If e.g. we define a regex called "Kreditkarte" and then send an email containing the strings "Kredikarte" or "kreditkarte" the email will not be blocked.
When we change the regex to "kreditkarte", ciphermail blocks emails containing either "Kreditkarte" or "kreditkarte".
Kind regards,
Stefan
Perhaps the documentation is not clear enough.
The regular expression for the DLP pattern should be in lower case
(unless you use (?i)). The reason for this is that the text normalizer
converts all text to lowercase before scanning. Since regular
expressions by default are case sensitive, the reg expr should be
lowercase otherwise it will not match. I have been thinking of auto
convert the reg expr to lowercase but this is not always easy because
there are special reg exp flags which are written in capital case.
Another option I might add is to tell the reg expr to ignore case
because then it does not matter whether you write Kreditkarte or
kreditkarte in the reg exp. The downside is that scanning with case
sensitive switched off is slower and since all text should be scanned
with all DLP rules, this might make things a bit slower (have not tested
the impact).
To sum: the DLP reg exp patterns should be lower case unless it's some
kind of reg exp flag.
Kind regards,
Martijn Brinkers
On 03/11/2015 09:44 AM, Stefan Michael Guenther wrote:
maybe we (5 IT guys) didn't read the documentation on DLP correctly.
Is it intended that capital letters in regex are ignored?
If e.g. we define a regex called "Kreditkarte" and then send an email containing the strings "Kredikarte" or "kreditkarte" the email will not be blocked.
When we change the regex to "kreditkarte", ciphermail blocks emails containing either "Kreditkarte" or "kreditkarte".
--
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.
Twitter: http://twitter.com/CipherMail