FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Adrian_Buckley_FTNT
Article Id 191111

Description

All major credit card numbers have a defined set pattern, for example:
American Express
First two digits will be 34 or 37.
Total length will be 15 digits.
Visa
First digit will be 4.
Total length will be either 13 or 16 digits (depends on card type).
Master Card
First digit will be 5.
Second digit will be from 1 to 5 (inclusive).
Total length will be 16 digits.
The remainder of the card number also has a meaning, it determines the account number and other information.



Create a dictionary and enable its use in either the antispam or Content Profiles using the following patterns
Amex:  3[47]\d{2}([ \-]?)\d{6}([ \-]?)\d{5}
Mastercard:  5[1-5]\d{2}([ \-]?)(\d{4})([ \-]?)(\d{4})([ \-]?)(\d{4})
Visa (13 digits):  4\\d{3}([ \-]?)(\d{4})([ \-]?)(\d{4})
Visa (16 digits :(  4\d{3}([ \-]?)(\d{4})([ \-]?)(\d{4})([ \-]?)(\d{4})
Configuration example from the GUI :

abuckley_FD32469_fd32469gui.jpg

Configuration example from the CLI ("\" is a control character, which is why it needs to be entered twice through the CLI)

config profile dictionary
edit CreditCard
config item
edit 1
set pattern "3[47]\d{2}([ \-]?)\d{6}([ \-]?)\d{5}"
set pattern-scan-area body
next
edit 2
set pattern "5[1-5]\\d{2}([ \\-]?)(\\d{4})([ \\-]?)(\\d{4})([ \\-]?)(\\d{4})"
set pattern-scan-area body
next
edit 3
set pattern "4\\d{3}([ \\-]?)(\\d{4})([ \\-]?)(\\d{4})"
set pattern-scan-area body
next
edit 4
set pattern "4\\d{3}([ \\-]?)(\\d{4})([ \\-]?)(\\d{4})([ \\-]?)(\\d{4})"
set pattern-scan-area body
next
end
next
end


This is a breakdown of what the expression is saying (for Amex detection)

Expression: 3[47]\d{2}([ \-]?)\d{6}([ \-]?)\d{5}

3
The digit "3"
[47]
Followed by either a "4" or "7"
\d{2}
Followed by any 2 random digits
([ \-]?)
Optionally, followed by a hyphen
\d{6}
Followed by any 6 random digits
([ \-]?)
Optionally, followed by a hyphen
\d{5}
Followed by any 5 random digits

Scope
FortiMail v4.0 and above.
Solution

Contributors