Incidents message body does not appear in human readable clear text
Article ID: 217146
Updated On:
Products
Data Loss Prevention Network Monitor
Data Loss Prevention Network Email
Issue/Introduction
We have received a number of SMTP incidents where the message body is not in a “human readable” format.
For example here is an obfuscated incident:
Environment
Release :15.x, 16.x
Component :
Cause
In the incident body details we can see the line Content-Transfer-Encoding: base64 which means the contents is base64 encoded which DLP does not currently have the ability to decode.
Resolution
DLP is working by design, this is not a bug. We have an open feature request to add support for base64 decoding in a future release, here is the reference:
PM-2251 - Detection - Support detection of data encoded with common transformation such as Base64, ROT13, etc
The suggested workaround would be decode the base64 content before it is forwarded to the DLP Detection Server.
Feedback
Yes
No
Powered by
