Jeremy Laidman wrote: > Hi > > Has anyone shoehorned amavis-new to do compliance policy such as required for > HIPAA? By this I mean detecting keywords within a message that suggest > leakage of personal information (medical records, social security numbers and > the like). > >
does compliance require blocking "bad" mail or just noticing it? If blocking is not required, there is no point in doing the check "online". saving mail to some place and checking it at regular times is enough, and there are a lot of tools that can help implementing this. no need to make amavisd-new more complex than it is. The so-called "unix" philosophy states that a tool should do one thing and do it right. if "bad" messages should be blocked, then you indeed need to do so at filtering time. but implementing email search algorithms in perl is probably a lost battle, unless you're ready to generate different versions of the same email and check in each version. for instance, if the message is in HTML, you'd need to search the "raw" message as well as "sanitized/simplified" variants. mime parts must be searched before and after decoding, ... etc. note that there are two different problems here: - help people when they send a confidential document to the wrong recipient. - block bad guys trying to disclose sensitive info. This is a complex problem. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
