Answer
The Data Leakage Detection Report identifies emails containing credit card, USA Social Security Numbers, or other confidential documents and information. The report configuration can be modified to change the reporting criteria as desired.Notes
- When upgrading to a newer version of GFI Archiver, installation files mentioned in this procedure will be overwritten with default versions making the changes void and ineffective. It is therefore suggested to keep a record of this procedure and follow it once again directly after upgrading to keep this functionality intact.
- This procedure requires to edit files manually. If edited incorrectly it can leave the server in a non-operational state. Please keep backups of any file which is edited throughout this article before saving any changes to them.
How to change SSNs and Credit Card Numbers in a Data Leakage Detection Report
By default, social security numbers (SSNs) and Credit Card numbers are detected using the following dtSearch patterns:Administrators can create their own regexes instead of the default ones listed above. This can be achieved by editing the file DataLeakageReport.xml in Core2/Data (or creating it if it doesn’t exist) as shown in the example below:
-
Open the folder:
- GFI MailArchiver 2014 or newer: ..\InstallationFolder\Core\Data
- GFI MailArchiver 2013 or older: ..\InstallationFolder\Core2\Data
- Open DataLeakageReport.xml using notepad
- Edit the text as follows and save the file when finished:
<DataLeakageQueries>
<Queries>
<DataLeakageQuery>
<Name>Medical</Name>
<RegexQuery>[ev]?[0-9][0-9][0-9](\.[0-9][0-9]?)?"" __or ""##[0-9][0-9][0-9][0-9][0-9,a-z]?</RegexQuery>
</DataLeakageQuery>
<DataLeakageQuery>
<Name>SocialSecurity</Name>
<RegexQuery>=== == =====</RegexQuery>
</DataLeakageQuery>
</Queries>
</DataLeakageQueries>
How to Disable Default Queries in a Data Leakage Detection Report
Default queries that are thought not to yield good results may be disabled using a “DisableQuery” product key, where the value is a summed combination of the following:-
Open the folder:
- GFI MailArchiver 2014 or newer: ..\InstallationFolder\Core\Data
- GFI MailArchiver 2013 or older: ..\InstallationFolder\Core2\Data
- Open product.config using notepad
-
Type the following text to disable a query:
- <add key="DisableQuery" value="19" />
- Note: The example above disables SSNs, Diner’s Club and MasterCard (since 19 == 16 + 2 + 1)
- <add key="DisableQuery" value="19" />
- Save the file
How to Modify Keywords in a Data Leakage Detection Report
Emails containing certain keywords thought to relate to sensitive information are also included in the report. The default list of keywords includes the following:- Geheimhaltungserklärung
- Geheimhaltungsvereinbarung
- Vertraulichkeitsvereinbarung
- Verschwiegenheitsvereinbarung
- Geheimhaltung
- Geheimnis
- non-disclosure agreement
- NDA
- secrecy
- disclosure agreement
- secret
-
Open the folder:
- GFI MailArchiver 2014 or newer: ..\InstallationFolder\Core\Data
- GFI MailArchiver 2013 or older: ..\InstallationFolder\Core2\Data
- Open product.config using notepad
- Enter the following text to add a keyword:
- <add key="DataLeakageKeywords" value="important,fundamental,vital" />
- Note: The words in the list are comma-separated
- <add key="DataLeakageKeywords" value="important,fundamental,vital" />
- Save the file