Block Emails or Files including archives or Social Posts using Keywords
- 1 Overview
- 2 Manage Keyword Signatures using Self Service portal
- 3 Configure SafeSquid SWG for using Custom Signatures
- 4 Testing Signature detection
- 5 Troubleshooting
When your organization holds confidential information and an internal user leaks it, intentionally or unintentionally, what happens? Huge productivity loss.
There are various mediums for data leakage. Users can upload important documents to the internet. Even if your content filtering software does not allow users to upload Microsoft Word and Microsoft Excel files, users can work around this by creating an archive of those files and trying to upload the archived files. You cannot simply block archives in your organization, because some people use archives to transfer large log files.
Other users simply copy information out of Microsoft Word and Microsoft Excel files and send it by email to a third party.
These kinds of data leaks have become a challenge for organizations. Organizations are looking for content filtering software that can deeply inspect archive files and identify whether an archive or email contains certain keyword matches.
The challenge is also big for security experts, because the format of the POST data for an upload differs between Gmail, Google Drive, MediaFire, Dropbox and so on. This wide range of POST data formats has made it difficult for security experts to derive a concrete solution to these challenges.
SafeSquid has come up with an Advanced DLP solution embedded in SafeSquid SWG. It analyzes POST data, deeply inspects archives using file decomposition methods, and identifies whether archives, emails or social media posts contain certain keyword matches. Based on the match you can take effective actions, such as blocking the upload for a particular user or blocking it when the destination is a particular website.
The Advanced DLP solution is managed from the SafeSquid Self Service portal, where you can create various keyword expression matches. SafeSquid SWG downloads those keyword expressions and loads them into memory. When an archive is uploaded or an email is written, SafeSquid SWG analyzes the POST data and transmits it to the ClamAV daemon for signature verification. If a keyword expression matches, the ClamAV daemon responds with a match, and SafeSquid takes the respective action based on that match.
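The hand-off to the ClamAV daemon described above can be checked independently of the proxy. The following is an added example, not SafeSquid's own code: it uses clamd's standard INSTREAM command, and the socket path, function names and sample keyword are assumptions.

```python
import socket
import struct

# Assumption: Debian/Ubuntu default LocalSocket path; check clamd.conf on your host.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"


def build_instream(data: bytes, chunk_size: int = 8192) -> bytes:
    """Frame data for INSTREAM: command, <4-byte big-endian length><bytes> chunks, zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))  # terminator chunk
    return b"".join(out)


def parse_reply(reply: bytes):
    """Return ("FOUND", signature), ("OK", None) or ("ERROR", text)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, body = text.partition(": ")  # drop the leading "stream" label
    if body == "OK":
        return "OK", None
    if body.endswith(" FOUND"):
        return "FOUND", body[:-len(" FOUND")]
    return "ERROR", body or text


def scan(data: bytes, path: str = CLAMD_SOCKET, timeout: float = 10.0):
    """Send data to a running clamd over its Unix socket and parse the verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(build_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:  # clamd closed the connection
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    # Constructed sample text; the keyword is a placeholder for one of your own.
    sample = b"Quarterly notes: PROJECT-FALCON-CONFIDENTIAL pricing draft"
    print(scan(sample))
```

A FOUND verdict naming your keyword signature shows that clamd has loaded it; OK means the daemon is running but did not match the sample.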
Configure SafeSquid SWG for using Custom Signatures
Open the SafeSquid interface and go to the ClamAV section under Real time content security.
Click on Global and enable the ClamAV section.
You will see the following.
Enable the policy in the subsection for signature detection.
You will see the following.
Note: Once you have configured the policy as shown above, go to Support and click the Refresh button to refresh the subscription details.
Testing Signature detection
Test using office documents
Set the proxy settings in the client browser and open Gmail. You must see that SafeSquid has inspected your mail traffic; otherwise blocking is not going to happen.
Create a Microsoft file containing your set of keywords and also prepare an archive.
Now try to attach the file. SafeSquid should block the attachment.
That's it. The signatures you created are in action and your data is safe.
Test using archive files
Attach your archive; you should see that the archive is blocked by SafeSquid.
Test using emails
Create an email draft using the set of keywords for which you have created signatures.
SafeSquid will identify them and block the draft. You can see Save Failed in the Gmail compose box.
When you click Send, the mail will stay in Sending mode. It will not leave the user's desktop and your data is safe.
Open www.facebook.com and log in using your credentials.
You can perform the same tests with any website by posting data containing the specified keywords. You will not be allowed to post such important information.
Check SafeSquid logs
You can view the SafeSquid logs for troubleshooting if things are not working as explained.
Check ClamAV daemon Status
Check whether the ClamAV daemon is running or not.
If you find that the ClamAV daemon is not running, restart it using the following command.
Check Signatures File
If the ClamAV service is running, check whether the signatures database file is on disk using the locate command.
root@sab:~# updatedb && locate safesquid.ldb
Check ANTIVIRUS profiles applicability.
If you still have any problems, you can send us mail at email@example.com