Sensitive Data is not detected when an rtf file is scanned using ICAP reqmod in DLP
search cancel

Sensitive Data is not detected when an rtf file is scanned using ICAP reqmod in DLP

book

Article ID: 235096

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

When we send a file to the DLP server through the ICAP interface an rtf type file does not detect sensitive data in the file when using reqmod. 

The sensitive data is detected when using respmod.

Environment

Release : Data Loss Prevention 15.7.x

Release: Data Loss Prevention 15.8.x

Cause

The root item comes down to the way DLP handles a file when its received. 

By default DLP Network Monitor and Web prevent support multipart/form-data method for attachments. 

For any different method we need to modify the NonMultipartAttachment.config file.

Resolution

In order to detect the file we need to update NonMultipartAttachment.config file as below.

Steps

  1. Take backup of file C:\SymantecDLP\Protect\config\NonMultipartAttachment.config
    • Go to the following dir
      • on Windows: \Program Files\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\config or go to the following dir
      • on Linux:  /opt/Symantec/DataLossPrevention/DetectionServer/15.8.00000/Protect/config 
  2. Add below line to NonMultipartAttachment.config
    • #( This line is for your identification, you can use a naming convention best for your environment ) 
      Host == localhost :: URIPATH
    • The host can be pulled via a stack trace of the reqmod or via the DLP logs
  3. Recycle services on Web prevent server.
  4. Resend the file to ensure resolution