DLP rules fail to fire on some messages with double byte content

book

Article ID: 158519

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

When using the Symantec Messaging Gateway (SMG) data loss prevention (DLP) integration with Symantec DLP Prevent, the data loss prevention rules in Messaging Gateway (SMG) do not always filter messages which include double byte character set (DBCS) content.

Cause

This is a known issue with some versions of DLP Prevent.

Inspection of messages with DBCS content which are not filtered as expected show that they contain the X-CFilter-Loop header indicating that they were processed by DLP Prevent but do not contain the X-dlp-policyid or X-dlp-uniquemessageid headers. This means that while DLP processed the message, the expected DLP Prevent rules did not match the message.

Note: this issue does not appear to affect HI-ASCII encoded content and is limited to an intermittant issue with DBCS content.

Resolution

This is a known issue with some versions of DLP Prevent and will be addressed in a future release of that product.

Please subscribe to this article to not automatically notified of any updates.