We are using the RegEx provided by IronPort to do some testing and are scanning all outbound messages using this RegEx.
However we have got forms that go out to customers that by the Natioanl Insurance number request field there is a NI Number to show an example (AB123435C). This of course then triggers the content filter and the message is incorrectly stopped.
We want to try and stop this from happening as it is going to casue major issues with false positives. We have thought about adding a rule that if AB123435C "is Not" contained within the message body or attachment, but this would mean that if someone were to email out a completed form that had both the sample NI number and the customers correct NI number then it would be ignored, which of course is unacceptable.
The only way I can see to do this, is to add to the dictionary (or create a new one) that contains AB123435C with a Minus score that equals the score that the RegEx gives it.
So if the RegEx give a score of 1, then the AB123435C entry would have to give a score of -1. This would mean that the example NI would be ignored, but any real NI numbers would still be picked up.
The problem is that I don't think there is the feature to give minus scores to dictionary terms. Has anyone else either requested this or have a better idea?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...