Data Loss Prevention

 View Only

  • 1.  font encoding

    Posted Feb 08, 2016 04:06 AM

    Hello all,

     

    I want to know if there is a possibility to catch mail with "exotic" font used.

    For example, you want to send a word with sensible data and you convert everythink into SYMBOL font.

    The data is now unreadable.

    Symantec does not detect any keywords because of this encoding.

    But at the other side when you get the email, you just need to get back to a readable font like CALIBRI and every thing is OK.

    Can we found a solution to prevent this ?

    Regards

     



  • 2.  RE: font encoding

    Posted Feb 08, 2016 10:29 AM

    You meant you typed a word like "confidential" into an email, then highlighted it and changed the font from Calibri to Wingdings, which then looks like gibberish to the human eye? 

    It won't matter what font is used, as the email system is still using the ASCII codes of the letters to read it.  ASCII doesn't have a font, it is a method to represent characters on a keyboard.  Changing the font won't make a difference.  I confirmed this just now. You can, too.  Type the word "confidential" into MS Word, then change the font to Wingdings.  Then cut and paste it into Notepad, or to a reply to this message.  It will still paste/read "confidential" in whatever font is used in that application at that time.



  • 3.  RE: font encoding

    Posted Feb 12, 2016 11:37 AM

    Hello Ron,

    We have confirmation from Symantec that this is a know problem :

    Symantec Data Loss Prevention (DLP) normalizes text to the Unicode standard. Some proprietary character fonts do not map to the Unicode version supported by DLP.

    In such cases the system cannot normalize the text, resulting in detection being bypassed. Known fonts where this may occur include Microsoft Wingdings, Webdings, and Symbols.

    When a character is converted into Symbols it no longer has an associated internationally recognized Unicode mapping.

    This font isn’t strictly compliant font from a Unicode perspective as it utilises a 'private' Unicode space. And while it works for Microsoft, there is no Internationally recognized way to convert those characters back to Unicode characters.

    there is an Enhancement request open for this:

    Ref: PM-1904 - Wingdings 1,2,3 and Webdings font detection

    Regards