Emails are sent without attachments, but DLP triggers an incident with an attachment
Release : 15.8 or above
Component : Email Prevent, Network Monitor (SMTP)
An internal system building [email protected] emails is embedding base64 coded information in emails.
Emails are being sent with base64 encoded attachments
When the email is saved as .eml and opened with Notepad, the following is seen.
Content-Type: application/octet-stream;
name=hidden_file.zip
Content-Transfer-Encoding: base64
Content-Disposition: attachment
DLP successfully detects base64 encoded attachments
This is working as designed.