Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Matching Visa with RegEx and PGP

Created: 28 Oct 2012 • Updated: 29 Oct 2012 | 1 comment
Mohammad Ashkaibi's picture

Hello

I'm writing to share some info related to regular expressions (regex). A customer of mine has purchased PGP Email Gateway to specifically encrypt outgoing emails containing Visa credit card numbers (these are comprised of 16 digits starting with 4). I'm no regex expert at all so started to look here and there for help. I came across the PGP Universal 'online' help page which could be accessed while configuring conditions in a mail rule (a balloon message appears while hovering over the textbox if the matching operator is "matches pattern").

That page gave me the beginning; a general pattern to catch any credit card number of any type - not only Visa. Here it is: 

[1-9][0-9]{3} ?[0-9]{4} ?[0-9]{4} ?[0-9]{4}

 

The problem is that above is very general that it will produce a considerable number of false positives so I started to dig deeper to know how to customize it. A website that I've found useful is:

http://www.regular-expressions.info/

 

But a very much better and handy one is:

http://krijnhoetmer.nl/stuff/regex/cheat-sheet/

 

Also I've found that the implementation guide of Symantec Mail Security for Microsoft Exchange (SMSMSE) has a great list of examples. Get it from its documentation page.

 

And the BEST is the Regular Expressions Tester tool - which is an add-on for Mozilla Firefox. Actually I had to download Firefox just to use this amazing tool!

 

Finally, the expression that worked for me (and for my customer's business case) is the following:

[^0-9a-zA-Z]4[0-9]{3} ?[0-9]{4} ?[0-9]{4} ?[0-9]{4} -- where the first square brackets ignores possible text or numbers preceding the matching number

 

This also works with SMSMSE and Brightmail (Messaging Gateway). Good luck everybody! yes

 

- Moh

Comments 1 CommentJump to latest comment

Mohammad Ashkaibi's picture

Just a quick update...

My final result above will match on ALL scenarios I tested EXCEPT when the string is on the very beginning of the very first line, which is a hole that must be covered! To account for this I will use ORing within mail policy conditions to match on any one of the following:

( )4[0-9]{3} ?[0-9]{4} ?[0-9]{4} ?[0-9]{4}

^4[0-9]{3} ?[0-9]{4} ?[0-9]{4} ?[0-9]{4}

Now THIS properly detects all that I'm thinking of. cool

 

- Moh