Mailing List Archive

SSN question
Hello,

I see that I can enable DLP by enabling

StructuredDataDetection true

which allows for scanning credit card numbers and social security numbers
in US format.

Is there any possibility to enhance this by adding other formats?

in slovakia we have numbers in format YYYYXMDD/OPQR?

... i can scan these in spamassassin but perhaps ehnancing clamav (and
therefore everything that uses clamav) could be useful.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: SSN question [ In reply to ]
Matus,

I noticed no one emailed you back.
I personally would just use a yara regex if needed, but I would definitely
test first with just yara to make sure there isn't too many false positives.

If you've never created a yara file, it's just really a regex.
Searching on Google, as there may be something already:
https://regexlib.com/UserPatterns.aspx?authorid=1c12ce3c-cb6a-43c3-8d86-4ea8
777f4393


/*************** Slovak_ID.yar ***************/
rule slovak_id_format
{
strings:
$re1 =
/([0-9]{2})(01|02|03|04|05|06|07|08|09|10|11|12|51|52|53|54|55|56|57|58|59|6
0|61|62)(([0]{1}[1-9]{1})|([1-2]{1}[0-9]{1})|([3]{1}[0-1]{1}))/([0-9]{3,4})/
condition:
$re1
/******************************************/

No clue, but looks like the format of this one is different, as I would
expect either 19 or 20 to start, but this says 0-9 for both.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of
Matus UHLAR - fantomas
Sent: Tuesday, April 6, 2021 12:03 PM
To: clamav-users@lists.clamav.net
Subject: [clamav-users] SSN question

Hello,

I see that I can enable DLP by enabling

StructuredDataDetection true

which allows for scanning credit card numbers and social security numbers
in US format.

Is there any possibility to enhance this by adding other formats?

in slovakia we have numbers in format YYYYXMDD/OPQR?

... i can scan these in spamassassin but perhaps ehnancing clamav (and
therefore everything that uses clamav) could be useful.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: SSN question [ In reply to ]
Hi there,

On Tue, 6 Apr 2021, Matus UHLAR - fantomas wrote:

> I see that I can enable DLP by enabling
>
> StructuredDataDetection true
>
> which allows for scanning credit card numbers and social security numbers
> in US format.
>
> Is there any possibility to enhance this by adding other formats?
>
> in slovakia we have numbers in format YYYYXMDD/OPQR?
> ... i can scan these in spamassassin but perhaps ehnancing clamav (and
> therefore everything that uses clamav) could be useful.

Perhaps this should go to the development list? Or/and Bugzilla?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: SSN question [ In reply to ]
On 06.04.21 15:51, eric-list@truenet.com wrote:
>I noticed no one emailed you back.

I usually give people time to think, so thank you for doing it.

>I personally would just use a yara regex if needed, but I would definitely
>test first with just yara to make sure there isn't too many false positives.
>
>If you've never created a yara file, it's just really a regex.
>Searching on Google, as there may be something already:
>https://regexlib.com/UserPatterns.aspx?authorid=1c12ce3c-cb6a-43c3-8d86-4ea8
>777f4393
>
>
>/*************** Slovak_ID.yar ***************/
>rule slovak_id_format
>{
> strings:
> $re1 =
>/([0-9]{2})(01|02|03|04|05|06|07|08|09|10|11|12|51|52|53|54|55|56|57|58|59|6
>0|61|62)(([0]{1}[1-9]{1})|([1-2]{1}[0-9]{1})|([3]{1}[0-1]{1}))/([0-9]{3,4})/
> condition:
> $re1
>/******************************************/
>
>No clue, but looks like the format of this one is different, as I would
>expect either 19 or 20 to start, but this says 0-9 for both.

first two PIN digits are just the last two digits of birth year, so yes, any
combination is possible.

I tried optional space before/after the slash which made the RE even more
effective.


>-----Original Message-----
>From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of
>Matus UHLAR - fantomas
>Sent: Tuesday, April 6, 2021 12:03 PM
>To: clamav-users@lists.clamav.net
>Subject: [clamav-users] SSN question
>
>Hello,
>
>I see that I can enable DLP by enabling
>
>StructuredDataDetection true
>
>which allows for scanning credit card numbers and social security numbers
>in US format.
>
>Is there any possibility to enhance this by adding other formats?
>
>in slovakia we have numbers in format YYYYXMDD/OPQR?
>
>... i can scan these in spamassassin but perhaps ehnancing clamav (and
>therefore everything that uses clamav) could be useful.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: SSN question [ In reply to ]
>On Tue, 6 Apr 2021, Matus UHLAR - fantomas wrote:
>>I see that I can enable DLP by enabling
>>
>>StructuredDataDetection true
>>
>>which allows for scanning credit card numbers and social security numbers
>>in US format.
>>
>>Is there any possibility to enhance this by adding other formats?
>>
>>in slovakia we have numbers in format YYYYXMDD/OPQR? ... i can scan
>>these in spamassassin but perhaps ehnancing clamav (and
>>therefore everything that uses clamav) could be useful.

On 07.04.21 00:17, G.W. Haywood via clamav-users wrote:
>Perhaps this should go to the development list? Or/and Bugzilla?

I don't feel joining devel list. I can fill out bugreport but first wanted
to discuss it here to see if it makes sense for others.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml