000013740 - As of 9.0 p3 the icap server will replace sensitive content in blocked email and send the replacement text to the recipient. The sender will not see any message or error indicating that the content was blocked.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013740
Applies Toicap webmail blocking
ResolutionThe icap server can block webmail, however the sender will see a 403 error from the browser when the message is blocked. There are technical limitations preventing display of a dlp notification to the sender.
To revert to this (old) behavior:

1. Connect with ssh to the icap server host

2. Enter option 6, then 1 to go to a shell prompt

3. Edit the file /opt/tablus/config/nwsystemconfig.xml

4. Add the characters highlighted in yellow below which will comment out (disable) the new handlers in patch 3

 <requesthandlers type="list">

                 <!--handler type="dict">

                     <name type="string">Gmail</name>

                     <args type="dict">

                         <url type="string">mail.google</url>

                     </args>

                 </handler>

                 <handler type="dict">

                     <name type="string">Livemail</name>

                     <args type="dict">

                         <url type="string">mail.live</url>

                     </args>

                 </handler>

                 <handler type="dict">

                     <name type="string">Yahoo</name>

                     <args type="dict">

                         <url type="string">mail.yahoo</url>

                     </args>

                 </handler>

                 <handler type="dict">

                     <name type="string">AOL</name>

                     <args type="dict">

                         <url type="string">mail.aol</url>

                     </args>

                 </handler-->

             </requesthandlers>

 

5. After commenting out, restart icapserver

1.       moncmd stop icapserver

2.       moncmd start icapserver

WorkaroundAs of 9.0 p3 the icap server will replace sensitive content in blocked email and send the replacement text to the recipient. The sender will not see any message or error indicating that the content was blocked.
Legacy Article IDa58332

Attachments

    Outcomes