[clamav-users] SSN question

Matus UHLAR - fantomas uhlar at fantomas.sk
Sat Apr 10 13:54:49 UTC 2021 

On 06.04.21 15:51, eric-list at truenet.com wrote:
>I noticed no one emailed you back.

I usually give people time to think, so thank you for doing it.

>I personally would just use a yara regex if needed, but I would definitely
>test first with just yara to make sure there isn't too many false positives.
>
>If you've never created a yara file, it's just really a regex.
>Searching on Google, as there may be something already:
>https://regexlib.com/UserPatterns.aspx?authorid=1c12ce3c-cb6a-43c3-8d86-4ea8
>777f4393
>
>
>/*************** Slovak_ID.yar ***************/
>rule slovak_id_format
>{
>	strings:
>		$re1 =
>/([0-9]{2})(01|02|03|04|05|06|07|08|09|10|11|12|51|52|53|54|55|56|57|58|59|6
>0|61|62)(([0]{1}[1-9]{1})|([1-2]{1}[0-9]{1})|([3]{1}[0-1]{1}))/([0-9]{3,4})/
>	condition:
>		$re1
>/******************************************/
>
>No clue, but looks like the format of this one is different, as I would
>expect either 19 or 20 to start, but this says 0-9 for both.

first two PIN digits are just the last two digits of birth year, so yes, any
combination is possible.

I tried optional space before/after the slash which made the RE even more
effective.


>-----Original Message-----
>From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of
>Matus UHLAR - fantomas
>Sent: Tuesday, April 6, 2021 12:03 PM
>To: clamav-users at lists.clamav.net
>Subject: [clamav-users] SSN question
>
>Hello,
>
>I see that I can enable DLP by enabling
>
>StructuredDataDetection true
>
>which allows for scanning credit card numbers  and social security numbers
>in US format.
>
>Is there any possibility to enhance this by adding other formats?
>
>in slovakia we have numbers in format YYYYXMDD/OPQR?
>
>... i can scan these in spamassassin but perhaps ehnancing clamav (and
>therefore everything that uses clamav) could be useful.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

More information about the clamav-users mailing list