File
attributes are specific properties of a file. Use two file attributes when defining
data
identifiers: file type and file size. Note that file attributes can apply only to
message
attachments. Therefore, if a DLP template containing file attributes is used in a
DLP policy,
the message headers, subjects or bodies will not match the corresponding DLP policy
rule in
any cases. Trend Micro recommends combining file attributes with other DLP data identifiers
for a more targeted detection of sensitive files because file attributes, by themselves,
are
poor identifiers of sensitive files.
For example, a company may want to block the keyword "source code" in message
bodies and attachments except PDF files. The ScanMail administrator needs to create two DLP policies, one for message
bodies and the other for message attachments.
-
DLP policy 1
- DLP data identifiers: keyword (source code)
- Target: message body
-
DLP policy 2
- DLP data identifiers: keyword (source code) AND file attribute (except PDF files)
- Target: message attachment
Administrators can use predefined and customized file attributes. For details,
see Predefined File Attributes and
Customized File Attributes.