
How to configure the MailInsights Data Leakage Detection report in GFI Archiver ( ONLY)

Answer

The Data Leakage Detection Report identifies emails containing credit card numbers, US Social Security Numbers, or other confidential documents and information. The report configuration can be modified to change the reporting criteria as desired.

Notes
  • When upgrading to a newer version of GFI Archiver, the installation files mentioned in this procedure are overwritten with default versions, which discards the changes. Keep a record of this procedure and repeat it directly after upgrading to keep this functionality intact.
  • This procedure requires editing files manually. If a file is edited incorrectly, the server can be left in a non-operational state. Back up every file edited in this article before saving any changes to it.

How to change SSNs and Credit Card Numbers in a Data Leakage Detection Report

By default, social security numbers (SSNs) and Credit Card numbers are detected using the following dtSearch patterns:

[Image: default dtSearch patterns (not reproduced)]

Administrators can create their own regexes instead of the default ones listed above. This can be achieved by editing the file DataLeakageReport.xml in Core2/Data (or creating it if it doesn’t exist) as shown in the example below:
  1. Open the folder:
    • GFI MailArchiver 2014 or newer: ..\InstallationFolder\Core\Data
    • GFI MailArchiver 2013 or older: ..\InstallationFolder\Core2\Data
  2. Open DataLeakageReport.xml using Notepad
  3. Edit the text as follows and save the file when finished: 
    <DataLeakageQueries>
      <Queries>
        <DataLeakageQuery>
          <Name>Medical</Name>
          <RegexQuery>[ev]?[0-9][0-9][0-9](\.[0-9][0-9]?)?"" __or ""##[0-9][0-9][0-9][0-9][0-9,a-z]?</RegexQuery>
        </DataLeakageQuery>

        <DataLeakageQuery>
          <Name>SocialSecurity</Name>
          <RegexQuery>=== == =====</RegexQuery>
        </DataLeakageQuery>
      </Queries>
    </DataLeakageQueries>
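
Because a hand edit that breaks this file can leave the server non-operational, the following added example (not part of the original article or of GFI's tooling) checks a copy of DataLeakageReport.xml for well-formedness and for the element structure shown above before it is saved. It assumes the file is read by a standard XML parser; the `Project` entry and its pattern are constructed samples, and `validate_queries` and `build_file` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

def validate_queries(xml_text):
    """Return a list of problems; an empty list means the structure is sound."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typical cause: a raw & or < typed into a RegexQuery value.
        return [f"not well-formed XML: {exc}"]
    if root.tag != "DataLeakageQueries":
        return [f"unexpected root element <{root.tag}>"]
    queries = root.find("Queries")
    if queries is None:
        return ["missing <Queries> element"]
    problems, seen = [], set()
    entries = queries.findall("DataLeakageQuery")
    if not entries:
        problems.append("no <DataLeakageQuery> entries")
    for i, q in enumerate(entries, start=1):
        name = (q.findtext("Name") or "").strip()
        if not name:
            problems.append(f"query {i}: empty or missing <Name>")
        elif name in seen:
            problems.append(f"query {i}: duplicate name {name!r}")
        seen.add(name)
        if not (q.findtext("RegexQuery") or "").strip():
            problems.append(f"query {i}: empty or missing <RegexQuery>")
    return problems

def build_file(entries):
    """Render (name, pattern) pairs with XML-special characters escaped."""
    body = "".join(
        f"<DataLeakageQuery><Name>{escape(n)}</Name>"
        f"<RegexQuery>{escape(p)}</RegexQuery></DataLeakageQuery>"
        for n, p in entries)
    return f"<DataLeakageQueries><Queries>{body}</Queries></DataLeakageQueries>"

# Constructed samples. The SocialSecurity pattern is the one shown in the article;
# "Project" and its pattern are made up to show the raw-ampersand failure.
GOOD = build_file([("SocialSecurity", "=== == ====="), ("Project", "R&D-[0-9][0-9]")])
BAD = GOOD.replace("&amp;", "&")  # what a hand edit in Notepad typically produces

if __name__ == "__main__":
    for label, text in (("escaped", GOOD), ("raw ampersand", BAD)):
        print(label, "->", validate_queries(text) or "OK")
```

Run the check against a copy of the edited file, and keep the backup until the report has been confirmed to work.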

How to Disable Default Queries in a Data Leakage Detection Report

Default queries that are thought not to yield good results may be disabled using a “DisableQuery” product key, where the value is a summed combination of the following:

[Image: table of query values (not reproduced)]
  1. Open the folder:
    • GFI MailArchiver 2014 or newer: ..\InstallationFolder\Core\Data
    • GFI MailArchiver 2013 or older: ..\InstallationFolder\Core2\Data
  2. Open product.config using Notepad
  3. Type the following text to disable a query:
    • <add key="DisableQuery" value="19" />
      • Note: The example above disables SSNs, Diner’s Club and MasterCard (since 19 == 16 + 2 + 1)
  4. Save the file

How to Modify Keywords in a Data Leakage Detection Report

Emails containing certain keywords thought to relate to sensitive information are also included in the report. The default list of keywords includes the following:
  • Geheimhaltungserklärung
  • Geheimhaltungsvereinbarung
  • Vertraulichkeitsvereinbarung
  • Verschwiegenheitsvereinbarung
  • Geheimhaltung
  • Geheimnis
  • non-disclosure agreement
  • NDA
  • secrecy
  • disclosure agreement
  • secret
To modify or replace the existing list:
  1. Open the folder:
    • GFI MailArchiver 2014 or newer: ..\InstallationFolder\Core\Data
    • GFI MailArchiver 2013 or older: ..\InstallationFolder\Core2\Data
  2. Open product.config using Notepad
  3. Enter the following text to add a keyword:
    • <add key="DataLeakageKeywords" value="important,fundamental,vital" />
      • Note: The words in the list are comma-separated
  4. Save the file
  1. Priyanka Bhotika
