Content Filters Disclaimers
We have a content filter that look for the word "confidential" In email body and attachment, we keep getting hits on the contents of disclaimers we can exclude our disclaimers because we know the text the issue comes from 3rd party disclaimers where we do not know the contents of the disclaimer.
Is there a way of
stripping all disclaimers from the email body
or
Ignoring all disclaimers
Any suggestions would be appreciated we have been battling with this for some time now.
Regards
Andrew
You're getting false positives precisely because the word will pop up in a lot of other places. If you were able to eliminate all third party disclaimers (a nigh-impossible task because other organisations may adopt any old format or technology) then I imagine that you would find many other hits.
I would hope that the state of the art in DLP is somewhat more sophisticated, but if you want to catch confidential information by simple content checking then search for a phrase that is innocious, obscure and won't give you false positives. Salt your customer data with a bogus name or address, include the phrase white-on-white in your confidential document template, use more than one phrase so the trigger word doesn't become known to your entire senior management team.
For credit card numbers and possibly patient identity numbers (whether there's a format to suit you or not depends on your locale) speak to your reseller about DLP capabilities. See if it's worth buying a key or not, but catching that type of information depends on there being a blanket rule against passing the information by e-mail, otherwise you are again awash with false positives.
Similar Messages
-
Hello
Previously I used Exchange 2010 with Forefront Threat Protection installed and this used to do a good job of stopping all the spam.
However since updating to Exchange 2013 earlier this year and enabling the integrated spam filtering everyone noticed a sudden increase in the amount of spam which was getting through which has been bad for a long time.
We have been living with it but in the last 3 weeks everyone has started getting about 40 emails a day from Pfizer for Viagra. All these seem to defeat the content filtering as Viagra is spelt with an extra I and the email address is always different.
Also images in emails are blocked by default but somehow all the images on these spam messages appear for everyone.
I am not sure the spam filtering is working at all and I'm not sure how to tell as ForeFront gives you a nice graphical dashboard but I can find nothing similar to this in Exchange and PowerShell seems the only way to configure the limited functionality
of the content filter.
Is there any way to get rid of these messages as it doesn't look very good when they are constantly popping up for everyone?
Thanks
Robin
Robin WilsonHello ManU
Thanks for the reply.
I have checked the logs and see this quite often:
AcceptMessage,,SCL,not available: policy is disabled
But other times it says this:
RejectMessage,550 5.7.1 Message rejected as spam by Content Filtering
Which seems to indicate it is rejecting some.
This is what one of the email headers look like:
Received: from RWS-MAIL.rwsservices.net (192.168.2.151) by
RWS-MAIL.rwsservices.net (192.168.2.151) with Microsoft SMTP Server (TLS) id
15.0.775.38 via Mailbox Transport; Sat, 28 Dec 2013 10:59:26 +0000
Received: from RWS-MAIL.rwsservices.net (192.168.2.151) by
rws-mail.rwsservices.net (192.168.2.151) with Microsoft SMTP Server (TLS) id
15.0.775.38; Sat, 28 Dec 2013 10:58:38 +0000
Received: from [90.169.106.204] (90.169.106.204) by mail.rwsservices.net
(192.168.2.151) with Microsoft SMTP Server id 15.0.775.38 via Frontend
Transport; Sat, 28 Dec 2013 10:58:37 +0000
Date: Sat, 28 Dec 2013 12:05:58 +0200
From: US.Pfizer eStore <[email protected]>
To: robin.wilson <[email protected]>
Message-ID: <[email protected]>
Subject: Dear robin.wilson up to 65% OFF!
X-Mailer: Airmail (223)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="dd2ee3ea_586bb9e4_6f04"
Return-Path: [email protected]
X-MS-Exchange-Organization-PRD: 001-taxis.co.uk
X-MS-Exchange-Organization-SenderIdResult: Neutral
Received-SPF: Neutral (rws-mail.rwsservices.net: 90.169.106.204 is neither
permitted nor denied by domain of [email protected])
X-MS-Exchange-Organization-Network-Message-Id: e8825204-1f32-48be-a331-08d0d1d30209
X-MS-Exchange-Organization-SCL: 1
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.13223.464;SID:SenderIDStatus Neutral;OrigIP:90.169.106.204
X-EXCLAIMER-MD-CONFIG: 079171ba-394f-46d5-a160-56e416712e8e
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: rws-mail.rwsservices.net
X-MS-Exchange-Organization-AuthAs: Anonymous
The emails use a different sender email address every time and there is always a poem in very light grey writing in the body of the email. The drugs are always misspelt as well. Is this why these are getting through?
Thanks
Robin
Robin Wilson -
Exchange 2013 SP1 EDGE role content filtering ?
Hello,
Have Exchange 2013 SP1 with CU5 with antispam enabled on mailbox role server. And i wonder if i deploy 2013 Edge role, will i get more granular content filter control, like there is in Office 365? For example: i want to treat empty messages as not
spam.
I have read that control of Edge server is done ONLY by powershell. So if edge role is deployed, still there is no content filter control in ECP (like in office365) ??Hi,
The Content Filter agent assigns a spam confidence level (SCL) rating to each message. The SCL rating is a number between 0 and 9. A higher SCL rating indicates that a message is more likely to be spam.
Based on my knowledge, I'm afraid we can't filter the empty messages and treat them as not spam.
Here is an article about content filtering in Exchange 2013 for your reference.
Content Filtering
http://technet.microsoft.com/en-us/library/bb124739(v=exchg.150).aspx
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Belinda Ma
TechNet Community Support -
Conditions based on "EnvelopSender" in Content Filters
When defining Content Filters, I need to define conditions based on the sender of an email. For example, if the sender is Jim or John, and Subject Line contains a tag [CONFIDENTIAL], the action should be to encrypt the mesasge.
I realize this could easily be done using LDAP groups. But my problem is that for a number of opertaional reasons I cannot connect our IronPort to our corp LDAP.
An alternative is to directly code the user names in the condition statement. This is ugly and problematic for admins and possibly causes other problems as the number of users grows. Could anyone suggest an alternative?
Is there any option of having the Condition statement open a file and read the "sender" names from the file maintained somewhere on the local or a remote disk? Any other option?
Thanks.I would suggest looking at creating a dictionary that would list the addresses of the individuals. You can use that dictionary from which to base your planned action. Using LDAP is by far the better option for keeping a list up to date, as the dictionary will need to be updated regularly as addresses change, added or removed.
-
Using Content filters (HTML Filter)
Hello.
I'm having problem displaying an html-page in the portal with an url-iview. The problem is that the portal is accessed using HTTPS, and the url-iview links to a html-page using http.
This will generate a popup in internet explorer about unsecure content.
I thought that a way to solve this could be to connect KM to the page and then let the url-iview show the html-page throw the KM Repository.
This works fine, however there is still one problem.
Inside the HTML page, there is <IMG src> tags that reffers to the http site.
How can I configure HTML filters to rewrite all image and stylesheet references via KM instead of to the http-site?
I've tried to understand the documentation on Content Filters (http://help.sap.com/saphelp_nw04/helpdata/en/55/921d7bb0c611d5993800508b6b8b11/content.htm), but I don't know what to write in "Base Tag" property, or ir this even works.
Does anyone know if there is an example about this? Or perhaps know how to configure this?
Regards, MikaelThis can be done, but it might not be a optimal solution. You would basically parse each HTML file and replace the links before streaming the content. You can create your own version of com.sap.km.cm.docs component which streams the content of a HTML file by replacing the links. And you would use your own component for creating the KM doc iviews that way you will have altered HTML links.
-
Hi, all:
I'm trying to configure TrendMicro IOS content filtering. I have this working on a separate box, running 15.1.
On this particular testbed, I have a 2900 running:
System image file is "flash0:c2900-universalk9-mz.SPA.152-3.T1.bin"
And the following licensing:
Technology Package License Information for Module:'c2900'
Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data datak9 Permanent datak9
Configuration register is 0x2102
CUBE_GOLD_MEX#show ip trm subscription status
Package Name: Security & Productivity (Trial)
Status: Active
Status Update Time: 18:02:51 CST Mon Jul 23 2012
Expiration-Date: Mon Aug 20 02:00:00 2012
Last Req Status: Processed response successfully
Last Req Sent Time: 18:02:51 CST Mon Jul 23 2012
CUBE_GOLD_MEX#
Also, I have the following config lines on it:
ip host trps.trendmicro.com 216.104.8.100
ip name-server 4.2.2.2
ip cef
multilink bundle-name authenticated
parameter-map type urlfpolicy trend tm-pmap
allow-mode on
[snip]
parameter-map type trend-global trend-glob-map
class-map type inspect match-all http-imap
match protocol http
class-map type urlfilter trend match-any drop-category
match url category Abortion
match url category Activist-Groups
match url category Adult-Mature-Content
match url reputation ADWARE
match url reputation DIALER
match url reputation DISEASE-VECTOR
match url reputation HACKING
match url reputation PASSWORD-CRACKING-APPLICATIONS
match url reputation PHISHING
match url reputation POTENTIALLY-MALICIOUS-SOFTWARE
match url reputation SPYWARE
match url reputation VIRUS-ACCOMPLICE
policy-map type inspect urlfilter trend-policy
class type urlfilter trend drop-category
I have not been able to get to the good part of configuring the ZBF.
I've looked over several configuration examples and can't figure out what I'm doing wrong, since I'm not able to see the command 'parameter-map' under the 'policy-map urlfiltering'
XXXXXX(config)#policy-map type inspect urlfilter trend-policy
XXXXXX(config-pmap)#?
Policy-map configuration commands:
class policy criteria
description Policy-Map description
exit Exit from policy-map configuration mode
no Negate or set default values of a command
XXXXXX(config-pmap)#
I thought it might be an issue with version 15.2.3, but according to configuration guides, commands are the same.
Can anyone provide some assistance?
TIA.
c.Hi Carlos,
I am having the same problem. I have seen a few diffenent configuration examples and they all show adding the "parameter type urlfpolicy trend parm-map-name" command but it doesn't exist, at least in 15.2(3)T1 and I see it listed in the the IOS documentation for 15.2. Maybe they forgot it :-)
I guess I will open a TAC case as I do not want to downgrade...
I will keep you posted if I find the answer.
Regards,
Troy -
RV220W - Content filtering not working (?)
Hello, I bought a router model RV200W fw 1.0.1.0... nice toy.
It all works very well with the exception of content filtering. The rule only works if connections are made with the HTTP protocol, but if the user connects with HTTPS, then the rule is not considered... (???)
f.e.:
http://facebook.com (content filtered)
https://facebook.com (content NOT filtered)...
What the hell ! where I'm wrong ?
Does anyone is experiencing the same ?Yes, the correct title was "URL FILTERING NOT WORKING"...thanks abudef000
I do not want be polemical, but I do not understand where I went wrong.
Before I buy I looked @
http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps11025/data_sheet_c78-630461.html
Check it out.
Could you assume that HTTPS URLs are not in the sentence "Static URL blocking, keyword blocking, approved URL" as stated in the product sheet ? -
DHCP reservation & DNS for content filtering
Hi All,
I am working around with server 2008 for quite a while and facing a problem as below,
1.DHCP reservation error
Server Ip:192.168.0.254 (configured as DNS server for local use only with AD & DHCP)
DHCP scope: 192.168.0.100 to 192.168.0.200 excluded 192.168.0.100 to 192.168.0.110
earlier the same scope was 192.168.0.10 to 192.168.0.100. I was facing a error when I make a IP reservation against a MAC number error was " The unique identifier may not be correct do you want to use the identifier anyway" when I click yes "DHCP
server received a message from a client that is not valid" and by this error I am not able to make any reservations now against MAC numbers.
The same error was also on the earlier scope and that's why changed to a new scope but did not work. Any solutions will me much appreciated
2.DNS fine tuning.
I have an open DNS account on which my WAN IP number is configured to do a content filtering. I have two LAN ports with the below IP number
Local : 192.168.0.254 ( configured with no gateway and DNS as loopback (127.0.0.1)
ISP: 192.168.0.253 (with ISP gateway and DNS as loop back adapter & open DNS)
I have did a content filtering and things are working fine. But I got to open up some machines out of this content filtering and when I try to give the IP number in this below fashion.
192.168.0.115
255.255.255.0
192.168.0.1
DNS
192.168.0.254
ISP DNS to avoid filtering
I find that 192.168.0.254 does the resolving and things are still filtered as per the schedule. Is there a way where we can configure 192.168.0.254 (Local DNS server) to stop resolving web requests and only cater to resolving local names for connectivity.
I do know its too long but solutions for the same will be help me out to solve it. Thanks in advance.
Regards,
VaschellHello,
I have found something strange on the DHCP reservation. When I try to add a MAC number out of the network its able to make out a reservation.
Is there any way to clear the MAC number cache or something else which I can try.
A copy of the ipconfig /all for the server is below,
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : server
Primary Dns Suffix . . . . . . . : xyzabc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xyzabc.com
Ethernet adapter LOCAL:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connectio
#2
Physical Address. . . . . . . . . : 00-1E-67-A4-F4-DC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.254(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter ISP:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connectio
Physical Address. . . . . . . . . : 00-1E-67-A4-F4-DB
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.253(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.205(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0602F6CF-4B32-491F-994A-3C0952D
B54}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{6A14710B-A078-4AF9-BD7A-989767F
377}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>
Thanks,
Vaschell -
I have a Samsung Galaxy SII with T-Mobile. The model #is SGH-T989, Android version 2.3.6
"Content filter" is the Android Market's method for restricting certain applications that may provide access to "mature" content. You can disable content filtering in the settings of the Market app on your phone.
-Michelle -
<blockquote>Locking duplicate thread.<br>
Please continue here: [[/questions/918255]]</blockquote>
When I try to download Firefox for Android I get the message as previously stated. I have a Samsung Galaxy SII with T-Mobile."Content filter" is the Android Market's method for restricting certain applications that may provide access to "mature" content. You can disable content filtering in the settings of the Market app on your phone.
-Michelle -
How to change content filtering level 101
I am not saavy when it comes to phone technology. I am trying to change the content filtering level on my Motorola so I will be able to download apps, when I try to download I get a message stating the content filtering level won't allow me to download the app. I cannot even figure out where the menu is option is to access the settings
. Any help will be greatly appreciated. Thank you in advance. PTry going to settings (swipe down from top and select the settings button then find security, in there you should find the settings you are looking for.
-
Content filters based on Group Best Practice
What is best practice for Content filters based on Group.
What we wanna accomplish.
We have few groups but i'll make an example on two.
We have one group that have allowed "Media" and another group that have allowed "Exe".
What is best practice if one user is in both group.
How would you do Content filtering?
I dont see in Content filtering condition
if (Envelope Recipient does not mach group) then Block.
Is the best way to create first?
If (attachment.type="Media") then (insert header="sometext);
and after in Content filter below
if (Envelope Recipient) and (Header does not contain "sometext") then Block.Hi,
I understand that I will have to use BPM. What is the best way? -
Content Filters have been selected through My Verizon Security Suite; however, it blocks TV shows that I would like to watch. How do I prevent this?
I know the importance of safe guarding your children, sdkullman. The Droid Maxx would be able to support content filters. What happens when you try adding them: http://vz.to/1xqrYFw There are third party applications that can be installed through the Play Store which allow you to filter content. However, because these are third party it is recommended that you read the reviews to understand how it will affect the device.
AndreaS_VZW
Follow us on Twitter @VZWSupport -
IronPort C160.
async OS 6.5.3
Server 1 and server 2 are communicating through ironport.( and also scanning)
Server 1 we have setup domain abc.lk and yy.abc.lk in same server, this reside on DMZ. same segment ironport is connected,
Server 2: we have setup separate server int.abc.lk which is resided on internal lan.
Server 1 and server 2 should have to communicate internally, but server2 should not communicate to outside the world (eg. [email protected])
How do I create "Outgoing Mail Policies, Outgoing content filters and the individual content filters?
Note: Now server 1 and server2 are communicating internal and also communicating external ([email protected]), I need server 2 not to communicate external ([email protected]) it should be block and also do not block server 2 communicating to server1
I have attached diagram also.
Thanks.
sumathi./* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Hello Sumathi,
(Thanks for adding a diagram, that helps understanding your situation)
I think the simplest solution is to create a filter that allows server 2 (based on it's IP) to communicate with the internal domains, and drop the messages when they are targeted to any other domain
so:
filter source IP = servers
condition: message to: is NOT abc.lk or yy.abc.lk
action: drop message
hope this helps!
Steven -
How can I set my content filtering to allow me to access all my email and applications
I got an email and tried to view the information on the link but could not due to content filtering
Hi ms.B,
What are you using for content filtering?
Maybe you are looking for
-
Acrobat 9.4 Pro PDF-Printer
Hi everybody, i have a word file (Word 2011 Release) with underline text in font verdana. When i create a pdf via "print" and select the adobe printer the underline is gone. I created a Microsoft Support Ticket, but they say its not a word problem. W
-
Robohelp 8 Webhelp Does Robohelp have a built in feature for FAQ creation?
-
Aperture 3 problems syncing to iPhone
I'm trying to sync "selected albums" from Aperture 3 in iTunes 9.0.3 and can't get the smart albums "In the last week" & "In the last month" to show any photos. They list 0 photos. Furthermore every time I sync, iTunes automatically unchecks the "In
-
Hi Experts, Could you please share standard SAP documents/materials for 'SAP ISU - Work Management'. Thanks in advance. Regards, Shailesh
-
Can I get audio to play til the end, even if I turn the page?
I know how to add a quicktime audio file, but once you turn to the next page, the audio file stops. Is there a way to set the audio to play til the end regardless of how many pages you turn? Or would I have to split up the audio and have the user pla