JP5456462B2 - Equipment with e-mail filtering means - Google Patents

Description

  The present invention relates to an e-mail filtering technique, and more particularly to an apparatus provided with e-mail filtering means.

  In recent years, electronic mail via the Internet has become widely established as an easy communication means. For example, e-mail transmission / reception means using a portable terminal such as a personal computer (PC) or a cellular phone is widely used as communication means.

  However, while e-mail has the advantage that it is easy, for example, sending an e-mail for personal purposes during working hours in a company, making a trade secret publicly known as a result of wrong e-mail destination Such as receiving a large number of unnecessary solicitation emails or receiving an email containing a computer virus.

  In order to deal with such problems, a technique for preventing inappropriate transmission / reception of e-mails by determining whether transmission / reception is possible at the time of e-mail transmission / reception, a so-called e-mail filtering technique is known.

  For example, Patent Document 1 below discloses a technique in which addresses and the like that are not permitted as transmission / reception destinations of e-mails are stored in a database, and whether or not transmission / reception can be performed by referring to the database at the time of e-mail transmission / reception is disclosed.

Also, in Patent Document 2 below, it is checked whether or not a keyword set in advance is included in the transmission destination of the email to be transmitted, the body of the email, etc., and if the keyword is included, transmission is prohibited. Techniques to do this are disclosed.
JP-A-2-39647 JP 2002-207672 A

  However, according to the technique disclosed in Patent Document 1, only the address of the e-mail transmission / reception destination is a determination target of whether transmission / reception is possible, and although it is a simple method, the contents described in the e-mail body and the like are the determination target. Therefore, for example, it is impossible to prevent a problem that personal information or trade secrets are leaked by mistake.

  This problem can be prevented by the keyword-based check technique disclosed in Patent Document 2. However, in the technique disclosed in Patent Document 2, only the email to be transmitted is subject to check, and conversely, when a trade secret or the like of another company is erroneously transmitted, there is information that should not be known originally. The problem of being obtained cannot be prevented.

  In either technique, transmission or reception of an e-mail that meets a predetermined condition is prohibited. However, it is actually not easy to appropriately prohibit the transmission / reception of an e-mail without being excessive or insufficient.

  For example, when setting an unacceptable destination address, determine whether or not transmission is possible for all e-mail addresses that are being added or deleted from time to time in the world, and set an unacceptable destination address. Is practically impossible. Therefore, in order to determine whether transmission is possible or not based on the transmission destination address, a method of uniformly prohibiting a predetermined domain must be taken.

  In addition, even when using a technique for checking a keyword, it is not necessarily an inappropriate email just because a prohibited keyword is included. For this reason, if the number of keywords is increased in order to check widely, the number of objects whose transmission is prohibited increases up to an e-mail having no problem, and the convenience of the e-mail is lost. On the other hand, if the check range is too narrow, there is a problem that the risk of sending inappropriate e-mails increases.

  After all, it is difficult to properly prohibit transmission / reception of e-mail without excess or deficiency, whether filtering by transmission / reception address, filtering by keyword, or filtering by other methods.

An object of the present invention is to provide a more realistic and effective electronic mail filtering technique.

  As an e-mail filtering technology, if an operator who performs e-mail transmission / reception operation attempts to send / receive inappropriate e-mail rather than prohibiting e-mail transmission / reception that satisfies a predetermined condition, In addition to preventing improper transmission / reception due to misoperation by performing an action to call attention, if the sender / receiver actually needs to send / receive e-mails that have been cautioned for some reason, It is more realistic to allow a transmission / reception operation for the time being, but to store a trail of a transmission / reception operation that may be inappropriate. In other words, a predetermined check is performed at the time of sending an e-mail and at the time of reference, and if a predetermined condition is met, a message to that effect is displayed (displayed), thereby alerting the operator about an erroneous operation. It is possible to warn to prevent intentional improper operation. In addition, if a message is displayed, the device will not be able to send or refer to e-mail until a check response is received in order to prompt the operator to check all the warnings. . Waiting for a check response, it is possible to send and refer to e-mails on the device. Of course, transmission and reference forced block may be made possible. In addition, by storing information about the operation performed by the operator after displaying the history and message to that effect, it is possible to leave a trail that an operation that may be inappropriate has been performed. .

  According to one aspect of the present invention, there is provided a device including a mail transmission / reception unit that transmits / receives an email, a filtering unit that filters an email, a display device, and an input device, wherein the filtering unit includes the filtering unit, The e-mail transmitted by the e-mail transmitting / receiving means determines whether or not the e-mail can be transmitted. When it is determined that the e-mail cannot be transmitted, a predetermined message related to the determination is displayed on the display device, and a confirmation check response confirming whether or not operation can be continued from the input device Is input, based on the response, it is determined whether to transmit from the transmission / reception means or to forcibly reject transmission not based on the response. . Even when the device determines that transmission is impossible, information regarding the determination is notified to the user, and after prompting confirmation of the disabled content, erroneous transmission can be prevented.

  In the present invention, the transmission is stopped when the e-mail comes out from the transmission / reception means device in the device on the user (client) side (before getting on the communication path). Thereby, security can be secured within the client device. Note that “about the electronic mail transmitted by the mail transmitting / receiving means” does not include processing performed after transmission from the device (processing after exiting the communication path). In addition, the description “whether or not to transmit based on the response” refers to a user who has seen a predetermined message (including the cause / reason for which it has been disabled) that has been warned and displayed by the user's policy settings. Does the transmission of the email or cancels the transmission as a response to it, and determines whether the device transmits the email based on the response result input by the user from the input device Meaning. Until the device detects this response, transmission of the e-mail is prohibited.

  As described above, 1) In addition to a case where transmission of an e-mail is permitted on condition that a message is displayed and a user's response is received, 2) the device side forcibly refuses the transmission. It is also possible to decide on. In what case, 1) and 2) may be set in advance in the device, or one of them may be selected as a result of cooperation with an external device or the like to be described later. Also good.

  Further, the apparatus includes a mail transmission / reception unit that transmits / receives an e-mail, a filtering unit that filters an e-mail, a display device, and an input device, wherein the filtering unit is an electronic device received by the mail transmission / reception unit. Whether or not to respond to a reference request is determined for the mail, and when it is determined that reference is impossible, a predetermined message regarding the determination is displayed on the display device, and a reference check confirmation response is input from the input device Then, a device is provided that determines whether to refer to the received e-mail based on the response, or forcibly rejects the reference not based on the response.

  Means for determining whether or not to transmit the content of the response to a predetermined e-mail address, and means for performing processing for transmitting the content of the response to the predetermined e-mail address if it is determined to be transmitted Is preferred. Here, the “predetermined mail address” is a log transmission mail address, and is indicated by reference numeral 323 in the following embodiment. For example, the mail address of a system administrator is preferable. By logging by mail, a history of a series of contents related to responses can be centrally managed on the administrator side. If the content of the response is sent to the administrator in a pair with the predetermined message, it is easy to understand what kind of response is made to what type of warning message, so the result can be easily used for management. .

  Further, a means for determining whether or not to store the response content in a storage device provided inside or outside the device, and a process of storing the response content in the storage device if it is determined to be recorded And a means for performing. The contents of the response to be recorded include warning contents, user operation contents, transmission source (sender), transmission destination (destination: To / Cc / BCC), mail title, etc. (in the following embodiment, from log format 411) 420).

  The content of the response is preferably stored in the storage device in a pair with the predetermined message. Thereby, the trail regarding operation can be left. If the contents of the response are stored in a pair with the predetermined message, it is easy to understand what kind of response has been made to what type of warning message, so that the result can be easily used for management. As a storage device, if a temporary storage device is provided on the device side and a main storage device is provided externally, management becomes easier. When the storage capacity of the temporary storage device increases, data may be automatically transferred to the main storage device.

  Further, the filtering means relating to the transmission of mail may automatically secure the security of the text of the email and the attached file in cooperation with the security function for the email sent by the mail sending means.

  Here, the “security function” refers to a function such as a security server, for example, when the function is provided outside the device. Alternatively, it can be linked with a security function installed in the client device (own device).

  When a confirmation check response is input and the transmission is OK, the linked security function works, and processing such as security policy assignment and virus check is performed before sending e-mail to the destination. Can do. By working from this cooperation function, it is possible to secure the security of the e-mail body and the attached file by protecting the transmission contents by e-mail.

  In addition, the filtering means corresponds to whether the e-mail sent by the mail transmitting / receiving means is applicable to a domain check policy, an account check policy, or an attachment file policy. It is preferable to make a determination based on whether or not the user definition policy is met.

  The filtering unit determines whether or not the cooperation with the external device has ended normally. If the filtering unit does not end normally, the filtering unit displays a predetermined message on the determination on the display device, and the input device When a confirmation check response indicating whether or not the operation can be continued is input, it may be determined whether to transmit based on the response or to forcibly reject transmission not based on the response.

  Further, in the case of making a determination regarding reference, the filtering means determines whether or not to respond to a reference request for the electronic mail received by the mail transmitting / receiving means, whether the electronic mail is unread, If an error has occurred in the keyword check or domain check, it is determined that reference is impossible, and a predetermined message related to the determination is displayed on the display device. When a confirmation check response indicating whether or not reference is possible is input from the input device, it is determined whether or not to refer to the received e-mail based on the response, or forced reference rejection not based on the response. It is preferable.

  The present invention may be a system including a mail server, a policy server, and the like in addition to the above devices, or may be a method performed by the device or system. Moreover, the program for making a computer perform each step in a method may be sufficient, and the computer-readable recording medium which records the said program may be sufficient.

  According to the present invention, it is checked whether or not the e-mail meets a predetermined condition at the time of e-mail transmission and reference, and if the predetermined condition is met, a message to that effect is displayed and a warning is displayed. By checking and checking all the contents, it is possible to alert the operator to incorrect operation and warn the user not to perform an inappropriate operation unconsciously. Furthermore, when a message is displayed, it is possible to leave a trail regarding the user's operation by storing a history to that effect and information about an operation performed by the operator after the message is displayed. Furthermore, when a response indicating that transmission or reference is possible is made, it is possible to check the contents and attached files of an email to be transmitted or an email to be referred to in cooperation with an external security function of the device.

1 is a configuration diagram of a system according to an embodiment of the present invention. It is a data block diagram of a policy server definition file. It is a block diagram of a policy setting file. It is a data block diagram of the application definition part in a policy setting file. It is a data block diagram of the application definition part in a policy setting file. It is a data block diagram of the application definition part in a policy setting file. It is a data block diagram of the user policy definition part in a policy setting file. It is a data block diagram of the user definition part in a policy setting file. It is a data block diagram of a log file. It is a figure which shows the structural example of a log header part. It is a figure which shows the structural example of a log data part. It is a flowchart figure which shows the operation | movement of an add-in starting check means. It is a flowchart figure which shows operation | movement of a mail transmission check means. It is a flowchart figure which shows operation | movement of a mail transmission check means, and is a figure following FIG. 9A. It is a flowchart figure which shows operation | movement of a mail reference check means. It is a flowchart figure which shows operation | movement of a timer monitoring means.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Client, 2 ... Policy server definition file, 3 ... Policy setting file, 4 ... Log file, 5 ... Mail transmission / reception means, 6 ... Add-in start check means, 7 ... Mail transmission check means, 8 ... Mail reference check means, 9 ... Timer monitoring means, 10 ... Client main unit, 11 ... Storage device, 12 ... Input device, 13 ... Display device, 14 ... Mail server, 15 ... Mail transmission / reception means, 16 ... Policy server, 17 ... Server main unit, 18 ... Policy transmission means, 19 ... log recording means, 20 ... storage device, 21 ... policy setting file, 22 ... log file, 23 ... communication line, 24 ... Rights / virus check means, 25 ... Rights / virus server.

  Hereinafter, embodiments of the present invention (hereinafter referred to as “examples”) will be described in detail with reference to the drawings.

  FIG. 1 is a functional block diagram illustrating a system configuration example of a device having a filtering function according to the present embodiment. The system according to the present embodiment includes a client (device) 1, a mail server 14, a policy server 16, and an authority (Rights) / virus server (security server) that monitors the security related to device email transmission and reference from outside the device 1. ) 25 are communicably connected via a network communication line 23 such as the Internet.

  The client (device) 1 is a device such as a personal computer (PC), a mobile phone, an information appliance, and the like, which includes a central control device (CPU), a main storage device (memory), a communication device, and the like. Although not shown in the figure, the e-mail transmitted from the mail server 14 by other devices (hereinafter referred to as “e-mail transmission / reception device”) including the client 1 via the communication line 23 including a communication network or the like. You can receive or send an email. An example of the internal configuration of the client 1 will be described in detail later.

  The mail server 14 is configured by a device such as a PC, and includes a mail transmission / reception unit 15. The mail server 14 can transmit / receive an electronic mail to / from the electronic mail transmission / reception device 1. When the mail transmission / reception means 15 receives an e-mail transmission request from the client 1, the mail transmission / reception means 15 transmits an e-mail to a transmission destination designated by the client 1. The designated electronic mail is transmitted to the client 1. In the system shown in FIG. 1, the case where one mail server 14 is provided is shown, but a plurality of mail servers may be provided. For example, it is possible to install a mail server 14 for each department in a company.

  Since the technology related to the mail server 14 as described above is well known, a detailed configuration example, operation, and the like of the mail server 14 are omitted.

  The policy server 16 is configured by a device such as a PC, and includes a server main body device 17 including a policy transmission unit 18 and a log recording unit 19, and a storage device 20 such as a magnetic disk. Upon receiving the policy file update date / time notification request from the client 1, the policy transmission means 18 transmits the update date / time of the policy setting file 21 stored in the storage device 20 to the client 1. When the policy transmission unit 18 receives a policy file transmission request from the client 1, the policy transmission unit 18 transmits the storage contents of the policy setting file 21 stored in the storage device 20 to the client 1. The log recording unit 19 stores the log record transmitted from the client 1 in the log file 22.

  Here, the policy setting file 21 is a file that defines a check content to be performed when the client 1 transmits an e-mail or the like, that is, a policy relating to e-mail filtering. It is a file for storing an operation history related to e-mail transmission and the like.

  In FIG. 1, only one policy server 16 is shown, but a plurality of policy servers 16 may be installed. For example, in the company, it is possible to install a policy server 16 for each department. In this case, only one mail server 14 may be installed in the company, and a plurality of policy servers 16 may be installed in each department, that is, in the company. Conversely, a plurality of mail servers 14 may be installed in the policy. One server 16 may be provided.

  The security server (rights / virus server) 25 is configured by a device such as a PC, and can set a security policy for an e-mail body and an attached file, check a virus, and the like with the client 1. It is an external device. The security server 25 includes rights / virus checking means 24. When an e-mail or file attachment transmission request is received from the client 1, before the e-mail is transmitted to the destination designated by the client 1, the security server 25 Performs security policy assignment and virus checking. In FIG. 1, only one authority / virus server 25 is shown, but it is also possible to install the authority / virus server 25 for each department or function in a company, for example. More generally, the security function is often a function installed in a client device (such as a PC), and such a case is also included.

  Since the technology relating to the rights / virus server 25 itself is well known, the detailed configuration example, operation, and the like will not be described.

The client 1 includes a client main body device 10, a storage device 11 such as a magnetic disk device, an input device 12 such as a keyboard, a mouse, and a push button, and a display device 13 such as a liquid crystal display. Although not shown, the client main unit 10 includes a central control device, a main storage device, a storage device control device, an input device control device, a display device control device, and the like. It works by collaboration. For example, the central control unit reads instruction codes of various programs stored in the main storage device, and executes an operation indicated by the instruction code. For example, when the instruction code indicates that a message should be displayed on the display device, the display device control device instructs the display device to display the message, and the display device control device displays the message on the display device 13. To control.

  The storage device 11 stores a policy server definition file 2, a policy setting file 3, and a log file 4.

  Here, the policy setting file 3 is a file that defines a check content to be performed when the client 1 transmits or references an e-mail, that is, a file that defines a policy regarding e-mail filtering. As will be described later, the client 1 refers to the stored contents of the policy setting file 3 or the policy setting file 21 and performs e-mail transmission and check processing for permission for reference.

  The log file 4 is a file for storing an operation history related to e-mail transmission performed by the client 1. In this embodiment, the log file 4 is used as a temporary storage location (storage area), and the storage content of the log file 4 is transmitted to the policy server 16 at a predetermined opportunity and stored in the log file 22. The predetermined triggers are, for example, (1) during add-in check processing (S805 in FIG. 8), (2) when a designated time is reached by the timer monitoring means (S1106 in FIG. 11), and (3) when the application is terminated. .

  The policy server definition file 2 stores information that allows the client 1 to uniquely determine the policy server 16. That is, when the client 1 receives the storage contents of the policy setting file 21 from the policy server 16 or transmits the storage contents of the log file 4 to the policy server 16, the transmission / reception destination policy server 16 is uniquely determined. Is stored. Here, a plurality of pieces of information for determining the policy server 16 can be set. When a plurality of pieces of information for determining the policy server 16 are set, the policy server 16 is determined at the time of add-in check processing (S802 in FIG. 8) or when a specified time is reached by the timer monitoring means (S1106 in FIG. 11). Information to be selected can be arbitrarily selected.

  The client main unit 10 includes a mail transmission / reception means 5, an add-in activation check means 6, a mail transmission check means 7, a mail reference check means 8, and a timer monitoring means 9 (hereinafter referred to as "each means"). Here, each means is a program loaded in the main storage device of the client main unit 10 (corresponding to each means, a mail transmission / reception program, an add-in activation check program, a mail transmission check program, a mail reference check program, and a timer monitoring program) ) Can be realized. In this case, the function of each unit is executed by the central control unit (CPU) of the client main unit 10 executing each program. In the following, each unit is realized by hardware or the like. Considering the above, the case where each means operates mainly will be described as an example.

  The mail transmission / reception means 5 transmits / receives an electronic mail and has a function of storing the received electronic mail in an electronic mail storage file of the storage device 11 (not shown), and is generally referred to as “mail software”. It can be realized by the program. The mail transmission / reception means 5 has a function of operating predetermined means (add-in activation check means 6 in this embodiment) at the time of activation, and the operator of the client 1 operates the input device 12 to operate the electronic mail. It has a function of generating a predetermined event when sending is instructed and when the operator of the client 1 requests the reference of the contents of the received electronic mail by operating the input device 12. Here, the reference request includes, for example, requesting to open an e-mail or an attached file to display or open the contents.

  Further, the mail transmission / reception means 5 responds to a request from each other means in a state where the electronic mail is in an “unread” state (a state where an operation such as opening or previewing the content of the electronic mail has not yet been performed), “ A function of notifying which state is “read” (a state in which an operation such as opening or previewing the content of the e-mail has already been performed), a function of notifying an e-mail address that received the e-mail, and The mail transmission / reception means 5 has a function of notifying which language such as Japanese or English is supported.

  The add-in activation check means 6 is activated by the operation of the mail transmission / reception means 5 at the timing when the mail transmission / reception means 5 is activated. The add-in activation check means 6 includes the client 1 including whether the client 1 has a runtime system necessary for the add-in activation check means 6, the mail transmission check means 7, the mail reference check means 8 and the timer monitoring means 9 to operate. A function for checking the operating environment (hereinafter referred to as “operating environment check”), a function for making a policy file transmission request to the policy server 16, and an e-mail transmission stored in the log file 4 A function of transmitting an operation history to the policy server 16;

  The add-in activation check means 6 has a function of activating the mail transmission check means 7, the mail reference check means 8, the rights / virus product cooperation means 24, and the timer monitoring means 9. Further, the add-in activation check unit 6 has a function of setting a timer value (hereinafter simply referred to as “timer value”) for notifying the timer monitoring unit 9 that a predetermined time has elapsed. Although not shown, the timer value is subtracted with the passage of time by the basic software installed in the client 1, and when the timer value becomes “0 (zero)”, an event for notifying that (hereinafter referred to as “timer value”) "Timer event") occurs.

  When the mail transmission check means 7 is activated, it continues to wait for an event (hereinafter referred to as an “electronic mail transmission event”) indicating that an electronic mail transmission operation has been performed. The mail transmission check means 7 stores in the log file 4 a function of receiving notification of an electronic mail transmission event, a function of checking whether or not an electronic mail transmission destination is appropriate, and an operation content related to electronic mail transmission. It has a function.

  When the mail reference check means 8 is activated, an event indicating that the operator of the client 1 requested to reference the contents of the received email, such as an event for opening an email or an event for previewing (hereinafter referred to as an “email reference event”). ”).

  In the present embodiment, “opening” an e-mail means that, in the received e-mail list display window or the like, any e-mail is designated and the text or the like is displayed in another window. “Previewing” an e-mail means that any e-mail is specified in the received e-mail list display window or the like, and the text or the like is displayed in the e-mail list display window. In the following, regarding the electronic mail, “open”, “preview”, and other operations for displaying other texts and attached files are collectively referred to as “reference” of the electronic mail.

  The mail reference check means 8 stores in the log file 4 a function for receiving notification of an electronic mail reference event, a function for checking whether or not the content of an electronic mail to be referenced is appropriate, and an operation content related to electronic mail reference. It has a function to do.

  When the timer monitoring means 9 is activated, it continues to wait for a timer event to occur. The timer monitoring means 9 is a function for making a policy file transmission request to the policy server 16, a function for transmitting an operation history related to e-mail transmission stored in the log file 4 to the policy server 16, and resetting the timer value It has a function to do.

  The add-in activation check means 6, the mail transmission check means 7, the mail reference check means 8 and the timer monitoring means 9 work in cooperation as e-mail filtering means. Further, for example, if the policy setting file 21 is not automatically transmitted to the client 1 and the log file 4 is not automatically transmitted to the policy server 16, the add-in activation check means 6, the mail transmission check means 7 and Only three means of the mail reference check means 8 can function as filtering means. Further, if the configuration is such that the operating environment check is not performed, it can be made to function as filtering means by only two means of the mail transmission check means 7 and the mail reference check means 8, or the mail transmission check means 7 or the mail reference check. Only one of the means 8 may be a filtering means.

  That is, various variations are possible as a combination of each means in the client 1. Hereinafter, all or a part of the add-in activation check means 6, the mail transmission check means 7, the mail reference check means 8 and the timer monitoring means 9 may be described as “filtering means”.

  Further, only the filtering means can be provided as an add-in program and incorporated in existing mail software to realize the filtering means of the present invention.

  In FIG. 1, only one client 1 is shown, but a plurality of clients 1 having the same configuration may exist, and as described above, clients 1 having various variations are mixed. It is also possible to make it.

  FIG. 2 is a diagram illustrating a configuration example of data of the policy server definition file 2. As shown in FIG. 2, the policy server definition file 2 has a policy setting file storage location 201 as a data item. The policy setting file storage location 201 stores the storage location of the policy setting file 21 to be transmitted to the client 1. Specifically, for example, in a network system composed of a PC in which a Windows (Windows is a registered trademark) OS is installed as basic software, policy setting in the network such as “\\ Policy \ test \” Specify the file storage folder with the full path. In addition to this, the storage location can be specified by various methods such as specifying the storage location by the IP address and the full path of the file. As shown in this example, when the policy setting file storage folder is specified with a full path, and there are a plurality of policy setting files 21 in the folder, the policy transmission means 18 has the latest update date and time, for example. These files may be transmitted to the client 1.

  The policy server definition file 2 is created by a system administrator or the like and stored in the storage unit 11 of each client 1. Therefore, for example, when a plurality of clients 1 want to receive and use different policy setting files 21, create policy server definition files 2 storing different contents as policy setting file storage locations 201, respectively. What is necessary is just to store in the memory | storage means 11 of the suitable client 1. FIG.

  FIG. 3 is a diagram illustrating a configuration example of the policy setting file 3 and the policy setting file 21.

  Here, each of the policy setting file 3 and the policy setting file 21 includes an application definition unit 300, a user policy definition unit 340, and a user definition unit 350 (hereinafter referred to as “each definition unit”). Have the same data items.

  The application definition unit 300 is a data item indicating whether or not the filtering unit performs a check on a data item that is commonly required regardless of an email source address or a destination address, for example, an email destination address. have.

  The user policy definition unit 340 has data items and the like necessary for performing different checks depending on the source address and destination address of the e-mail. There are as many user policy definition units 350 as necessary checks. For example, when checking only whether the department codes of email senders / receivers match, there is only one, and in addition to this, whether the year of joining the email sender / receiver matches is checked. There are two cases. Conversely, when there is no need to perform different checks depending on the source address or destination address of the email, the user policy definition unit 340 does not exist.

  The user definition unit 350 has data items for determining what kind of check is necessary for a predetermined e-mail address. There are as many user definition units 350 as the number of users to be checked, that is, the number of email addresses to be checked. Conversely, when there is no e-mail address to be checked, the user definition unit 350 does not exist. As will be described later, for the email address stored in the user definition unit 350, whether or not the check is necessary is determined by the data item of the user definition unit 350, and for the email address not stored in the user definition unit 350, Whether or not the check is necessary is determined based on the data item of the application definition unit 300.

  The policy setting file 21 is created by a system administrator or the like and stored in the policy server 16. The policy setting file 21 can be created without requiring a special program, for example, as an XML file. If the policy server definition file 2 is stored in the storage unit 11 of the client 1, the add-in activation check unit 6 automatically acquires the latest policy setting file 21, so that, for example, the system administrator stores the policy setting file 21. It is not necessary to store in the storage means 11 of each client 1.

  4A to 4C are diagrams showing examples of the data configuration of the application definition unit 300 of the policy setting file 3 and the policy setting file 21. FIG.

  As shown in the figure, the application definition unit 300 includes an attached file presence / absence check flag 301, an attached file check transmission prohibition flag 302, an attached file warning message 303, a target address display flag (transmission) 304, a domain check flag (transmission) 305, Domain check transmission prohibition flag 306, domain (transmission) 307, domain warning message 308, account check flag 309, account 310, domain warning message 311, user-defined check flag 312, keyword check flag 313, keyword check transmission prohibition flag 314, keyword 315, keyword warning message 316, target address display flag (reference) 317, domain check flag (reference) 318, domain check transmission prohibition flag 319, domain (reference) ) 320, domain warning message 321, log mail acquisition flag 322, log transmission mail address 323, transmission mail title 324, log file acquisition flag 325, log storage directory 326, setting file update interval 327, system malfunction message 328, warning address display Each data item includes a method 329, a warning address display number 330, a check box use flag (transmission) 331, and a check box use flag (reference) 332.

  The attached file presence / absence check flag 301 stores a flag indicating whether or not an electronic mail transmitted from the client 1 is to be checked for the presence / absence of an attached file (hereinafter referred to as “attached file presence / absence check”). For example, “True” is stored when checking, and an error occurs when a file is attached to an e-mail. If not checked, “False” is stored. This data item is referred to by the mail transmission check means 7.

  The attached file check transmission prohibition flag 302 stores a flag indicating whether or not an e-mail can be transmitted when an error occurs in the attached file check for the e-mail transmitted from the client 1. For example, if transmission is not performed, “True” is stored, and if the attached file presence / absence check flag 301 is “True” and an error occurs in the attached file presence / absence check, an e-mail is transmitted. Absent. “False” is stored when the e-mail transmission permission is not controlled. This data item is referred to by the mail transmission check means 7.

  The attached file warning message 303 stores a message displayed on the display device 13 when an error occurs in the attached file check. The attached file warning message 303 may store a message corresponding to a plurality of languages such as a Japanese message (for example, “attached file exists”) and an English message. In this way, when an error occurs, the language of mail software installed in the client 1 is determined using the mail transmission / reception means 5 or the function of the basic software, and an appropriate language is used. It is possible to select and display the message. This data item is referred to by the mail transmission check means 7. Instead of displaying a message or the like, for example, it is possible to notify by voice. The same applies to the following.

  The target address display flag (transmission) 304 stores a flag indicating whether or not a warning target address can be displayed in a message displayed on the display device 13 when an e-mail transmitted from the client 1 has a check error during transmission. Is done. For example, “True” is stored when the warning target address is displayed in the message. If not displayed, “False” is stored. This data item is referred to by the mail transmission check means 7.

  The domain check flag (transmission) 305 stores a flag indicating whether or not to check the transmission destination domain (hereinafter referred to as “domain check (transmission)”) for the electronic mail transmitted from the client 1. For example, when performing a domain check, “True” is stored, and if the domain name portion such as the destination address does not match the domain (transmission) 307, an error occurs. If no domain check is performed, “False” is stored. This data item is referred to by the mail transmission check means 7.

  The domain check transmission prohibition flag 306 stores a flag indicating whether or not an email can be transmitted when the domain check flag is “True” and a check error occurs. For example, “True” is stored when the transmission is not performed, and when the domain check flag (transmission) 305 is “True” and an error occurs in the domain check, the e-mail is not transmitted. . “False” is stored when the e-mail transmission permission is not controlled. This data item is referred to by the mail transmission check means 7.

  The domain (transmission) 307 stores a domain name that is subject to domain check (transmission) for e-mail transmitted from the client 1, such as “hitachisoft.jp”. This data item is used when the mail transmission check means 7 checks whether the destination address of the electronic mail is appropriate. The item name of this data item is “domain (transmission)”, but it is not always necessary to store the company domain. For example, the client 1 is a PC brought into the company by an employee of another company, and the other company domain. If you want to allow email transmission / reception only for the domain name, you can store the domain name of the other company. In the domain (transmission) 307, a plurality of domain names can be recorded. This data item is referred to by the mail transmission check means 7.

  The domain warning message (transmission) 308 stores a message to be displayed on the display device 13 when an error occurs in the domain check. The domain warning message (sending) 308 includes a plurality of Japanese messages (for example, “Recipient includes outside person”), English messages (for example, “A person outside the company is included”), etc. It is better to store messages for each language. In this way, when an error occurs, the language of mail software installed in the client 1 is determined using the mail transmission / reception means 5 or the function of the basic software, and an appropriate language is used. It is possible to select and display the message. This data item is referred to by the mail transmission check means 7.

  The account check flag 309 stores a flag indicating whether or not the account part can be checked for an e-mail or the like transmitted from the client 1 for an e-mail having no problem in the domain check (transmission). For example, “True” is stored when the check is performed, and an error occurs when the account name portion such as the transmission destination address matches the account 310. If not checked, “False” is stored. This data item is referred to by the mail transmission check means 7.

  In the account 310, the account name that is the object of the account part check of the address of the e-mail transmitted from the client 1 is stored as “ml-”, for example. This data item is used when checking whether the account part of the destination address of the e-mail is appropriate when the mail transmission check means 7 determines that the domain check is appropriate. In the account 310, a plurality of account names can be recorded. This data item is referred to by the mail transmission check means 7.

  The account warning message 311 stores a message to be displayed on the display device 13 when an error occurs in the account check described above. The account warning message 311 stores messages for multiple languages such as a Japanese message (for example, “ML is included in the destination”) and an English message (for example, “ML is included”). It is good to leave. In this way, when an error occurs, the function of the mail transmission / reception means 5 or basic software is used to determine the language supported by the mail software installed in the client 1, and in an appropriate language. It is possible to select and display the message. This data item is referred to by the mail transmission check means 7.

  The user definition check flag 312 stores a flag indicating whether or not to check the electronic mail transmitted from the client 1 with reference to the user policy definition unit 340 (hereinafter referred to as “user definition check”). For example, “True” is stored when the check is performed, and “False” is stored when the check is not performed. This data item is referred to by the mail transmission check means 7 and the mail reference check means 8.

  The keyword check flag 313 stores a flag indicating whether or not the electronic mail referred by the client 1 can be referred to by the keyword check. For example, when checking is performed, “True” is stored, and an electronic mail to be referred to is checked using the keyword 315. If not checked, “False” is stored. This data item is referred to by the mail reference checking means 8.

  The keyword check reference prohibition flag 314 stores a flag indicating whether or not e-mail can be referred to when the keyword check flag 313 is “True” and there is a check error. For example, “True” is stored when the electronic mail is not referred to. “False” is stored when the e-mail referability is not controlled. This data item is referred to by the mail reference checking means 8.

  The keyword 315 stores a keyword serving as a reference for determining that the content is inappropriate when it is included in the body of an email received by the client 1. If the client 1 is Japanese-compatible, that is, even if the mail software installed on the client 1 is a Japanese-compatible version, for example, an English e-mail may be received. In addition, some Japanese e-mails may contain English text. Accordingly, the keyword 315 may store a plurality of keywords in various languages such as “inside secret, stock price, secret”.

  However, normally, if a large number of keywords that are not included in the Japanese e-mail are stored, the load of the keyword search process for the e-mail body is unnecessarily increased. Therefore, similar to the attached file warning message 303 and the domain warning (transmission) message 308, different keywords may be checked according to the language supported by the client 1. In this case, in the above example, “confidential, stock price” corresponding to Japanese is stored, “secret” is stored corresponding to English, and “confidential” or “stock price” is the main text for Japanese mail. Or the like, and for an English mail, it may be searched whether “secret” contains the text or the like. This data item is referred to by the mail reference checking means 8.

  The keyword warning message 316 stores a message to be displayed on the display device 13 when an error occurs in the keyword check described above. Similar to the domain warning (send) message 308, the keyword warning message 316 includes a Japanese message (for example, “the following keywords are included”) and an English message (for example, “The following key words are included”). Etc.) etc. It is good to store a message for each of a plurality of languages. This data item is referred to by the mail reference checking means 8.

  The target address display flag (reference) 317 stores a flag indicating whether or not the warning target address can be displayed in a message displayed on the display device 13 when a reference check error occurs for the email received by the client 1. The For example, “True” is stored when the warning target address is displayed in the message. When the warning target address is not displayed in the message, “False” is stored. This data item is referred to by the mail reference checking means 8.

  The domain check flag (reference) 318 stores a flag indicating whether or not to check the transmission source domain (hereinafter referred to as “domain check (reference)”) for the electronic mail received by the client 1. For example, when performing a check, “True” is stored, and if the domain name portion such as the source address does not match the domain (reference) 320, an error occurs. If the source domain is not checked, “False” is stored. This data item is referred to by the mail reference checking means 8.

  The domain check reference prohibition flag 319 stores a flag indicating whether or not e-mail can be referred to when the domain check flag (reference) is “True” and a check error occurs. For example, “True” is stored when the reference is not performed, and when the domain check flag (reference) 319 is “True” and an error occurs in the domain check, the electronic mail is not referred. “False” is stored when the e-mail referability is not controlled. This data item is referred to by the mail reference checking means 8.

  In the domain (reference) 320, the domain name that is subject to domain check (reference) for the electronic mail received by the client 1 is stored, for example, as “hitachisoft.jp”. This data item is used when the mail reference check means 8 checks whether the e-mail transmission source address is appropriate. A plurality of domain names can be recorded in the domain (reference) 307. This data item is referred to by the mail reference checking means 8.

  The domain warning message (reference) 321 stores a message to be displayed on the display device 13 when an error occurs in the domain check. The domain warning message (reference) 321 stores a message in a plurality of languages such as a Japanese message (for example, “You do not have permission to refer to the mail from the sender”), an English message, etc. Good. In this way, when an error occurs, the language of mail software installed in the client 1 is determined using the mail transmission / reception means 5 or the function of the basic software, and an appropriate language is used. It is possible to select and display the message. This data item is referred to by the mail reference checking means 8.

  The log mail acquisition flag 322 stores a flag indicating whether or not log mail can be transmitted to a predetermined transmission destination when an error occurs when an email is transmitted and referred to by the client 1 and a warning is given. For example, “True” is stored when log mail is acquired. If log mail is not acquired, “False” is stored. This data item is referred to by the mail transmission check means 7 and the mail reference check means 8.

  The log transmission mail address 323 stores a transmission destination when the log mail acquisition flag 322 is “True”. This data item is referred to by the mail transmission check means 7 and the mail reference check means 8.

  The transmission mail title 324 stores the title of an e-mail used when an e-mail is transmitted to the e-mail address stored in the log transmission e-mail address 323. Similar to the domain warning (send) message 308, the sent mail title 324 supports a plurality of languages such as a Japanese title (for example, “(Log Mail)”) and an English title (for example, “[Log Mail]”). Each message should be stored in This data item is referred to by the mail transmission check means 7 and the mail reference check means 8.

  The log file acquisition flag 325 stores an operation history or the like in the log file 4 when an error occurs in a domain check (transmission), an attachment file presence check, a user definition check, a domain check (reference), a keyword check, or the like. A flag indicating whether or not to perform is stored. For example, “True” is stored when the operation history is stored in the log file 4, and “False” is stored when the operation history is not stored in the log file 4. This data item is referred to by the mail transmission check means 7 and the mail reference check means 8.

  The log storage directory 326 stores a destination to which the log data stored in the log file 4 is transmitted when the log file acquisition flag 325 is “True”. For example, a location where the client 1 can access is stored with a full path such as “\\ Directory \ MaCoTo \ Log”. The log storage directory 326 is an item that must be set in order to acquire a file as an alternative when the log mail acquisition flag 322 is “True” and mail transmission is impossible.

  The setting file update interval 327 stores an interval time at which the timer monitoring unit 9 should perform the update processing of the policy setting file 3 and the like. For example, when updating is performed every 120 minutes, “120” is stored. Further, “0” is stored when the updating process of the policy setting file 3 by the timer monitoring unit 9 is unnecessary. This data item is referred to by the add-in activation check means 6 and the timer monitoring means 9.

  The system malfunction message 328 stores a message when a problem occurs in the system in the add-in activation check means 6, the mail transmission check means 7, the mail reference check means 8, and the timer monitoring means 9. For example, “A system error has occurred. Please contact your administrator. The extension is“ 1234 ”. ”To make it easier for the user to understand how to deal with problems.

  The warning address display method (transmission) 329 stores a method of displaying on the display device 13 when the target address display flag (transmission) 304 and the target address display flag (reference) 317 are “True”. For example, “3” is set when an error address is displayed as both a display name and an SMTP address, “2” is set when only the SMTP address is displayed, and “3” is displayed when only the display name is displayed. “1” is stored.

  The warning address display number 330 stores the number of addresses to be displayed on the display device 13 when the target address display flag (transmission) 304 and the target address display flag (reference) 317 are “True”. For example, “3” is stored when all addresses in error are to be displayed, and “2” is stored for limited displays such as a maximum of 10 addresses. When the target address display flag (transmission) 304 and the target address display flag (reference) 317 are “False”, “1” is stored in the sense that there is no display address.

  In the check box usage flag (transmission) 331, when an attached file warning message 303, a domain warning (transmission) message 308, an account warning message 311, a user-defined message, etc. are displayed on the display device 13, it is for confirmation. A flag indicating whether or not the check box can be used is stored. For example, when a check box is used, “True” is stored, and for all warnings that cause an error in the mail transmission check means 7, transmission is not performed unless the check box is turned on. . “False” is stored when transmission is performed without checking the warning message.

  The check box use flag (reference) 332 stores a flag indicating whether or not the check box can be used for confirmation when the keyword warning message 316, the domain warning (reference) message 321 and the like are displayed on the display device 13. ing. For example, when a check box is used, “True” is stored, and all warnings in which an error has occurred in the mail reference check unit 8 is set so that reference is not performed unless the check box is turned on. . “False” is stored when the reference is made without checking the warning message.

  The other function cooperation flag 333 stores a flag indicating whether or not an external function is required to be linked with the application. For example, “True” is stored when used. This flag stores as many items as the number of external functions to be used.

  The other function cooperation warning message 334 stores a message to be displayed on the display device 13 when an error occurs in the other function cooperation. The other function cooperation warning message 334 may store a message corresponding to a plurality of languages such as a Japanese message (for example, “Rights related error”) and an English message. In this way, when an error occurs, the language of mail software installed in the client 1 is determined using the mail transmission / reception means 5 or the function of the basic software, and an appropriate language is used. It is possible to select and display the message. This data item is referred to by the mail transmission check means 7.

  FIG. 5 is a data configuration diagram of the user policy definition unit 340 (FIG. 3) of the policy setting file 3 and the policy setting file 21.

  The user policy definition unit 340 includes data items such as a user definition item number 341, a user definition condition 342, and a user definition message 343.

  In the user-defined item number 341, for example, information indicating which data item is to be checked among data items such as department codes and entry years of the sender / receiver related to the email transmitted by the client 1 is included. It is remembered. Specifically, a number indicating which item among user definition items 355 stored in a user definition unit 350 described later is to be checked is stored. For example, when “1” is stored, the first item of the user definition items 355 is a check target, and when “3” is stored, 3 of the user definition items 355 of the user definition unit 350 is stored. The second item is checked. This data item is referred to by the mail transmission check means 7.

  The user definition condition 342 stores a user definition check method. When “1” is stored, the information indicated by the user definition item number 341 of the user definition unit 350 is referred to for the e-mail transmission source and the e-mail transmission destination. When “2” is stored, the information indicated by the user definition item number 341 of the user definition unit 350 is referred to for the e-mail transmission source and the e-mail transmission destination. This data item is referred to by the mail transmission check means 7.

  The user definition message 343 stores a message to be displayed on the display device 13 when an error occurs in the above user definition check. Similar to the domain warning (send) message 308, the user-defined message 343 includes a Japanese message (for example, “the recipient includes people from different departments”), an English message (for example, “Person of a It is better to store messages for multiple languages such as “different post is included”). This data item is referred to by the mail transmission check means 7.

  FIG. 6 is a data configuration diagram of the user definition unit 350 of the policy setting file 3 and the policy setting file 21.

  The user definition unit 350 includes an email address 351, a user definition item 352, an attached file presence / absence check flag 353, an attached file check transmission prohibition flag 354, a target address display flag (transmission) 355, a domain check flag (transmission) 356, and a domain check transmission. Prohibition flag 357, user definition flag 358, user definition check transmission prohibition flag 359, log mail acquisition flag 360, log file acquisition flag 361, keyword check flag 362, keyword check transmission prohibition flag 363, target address display flag (reference) 364, Data items of a domain check flag (reference) 365 and a domain check transmission prohibition flag 366 are included.

  The e-mail address 351 includes an e-mail address (for example, “Hitatchi-taro@hitachisoft.jp” that can be a target of attachment check, domain check (send), account check, user-defined check, keyword check, domain check (reference), etc. ") Is stored. This data item is referred to by the mail transmission check means 7 and the mail reference check means 8.

  The user definition item 352 stores the data content to be subjected to the user definition check stored in the user policy definition unit 340. As a specific example, the department code (for example, “S0330”), department name (for example, “financial department”), employee number (for example, “ 1983983 "), business division code (for example," 9727 "), hire year (for example," 2007 "), and other information related to the operator is stored.

  The mail transmission check means 7 only determines whether or not the stored contents of the user definition item 352 match the transmission source address and the transmission destination address of the electronic mail to be transmitted. It does not determine what the data item means (for example, whether it is a department code or employee number). Accordingly, in the user-defined item 352, one or more (n) various contents can be stored as necessary in addition to the department code described above. The order of data contents to be subject to user-defined checks in this user-defined item 352 needs to be the same for all recorded users to be checked. When the user definition check is not performed (when the user policy definition unit 340 does not exist), the user definition item 352 does not exist. This data item is referred to by the mail transmission check means 7.

  Data items 353 to 366 are the same items as the data items having the same names in FIG. 4, but store a flag indicating whether or not use (application) is possible in units of e-mail addresses. Therefore, detailed description is omitted.

  FIG. 7A is a diagram illustrating a data configuration example of the log file 4 and the log file 22. The log file 4 and the log file 22 are files for leaving a trail of warning contents displayed for the operator of the client 1 and operations performed by the operator for the warning. As shown in FIG. 7A, a log header section 400 and a log data section 410 are provided.

  As shown in FIG. 7B, the log header section 400 has data items such as addresses and versions such as a user name 401, a machine name 402, a mail address 403, a domain name 404, an application version 405, and a policy version 406. In the log file 4 and the log file 22, one log header section 400 is stored for each file.

  As shown in FIG. 7C, the log data unit 410 includes a warning date and time 411, an operation 412, a warning category 413, a warning policy 414, a sender (From) 415, a destination (To) 416, a destination (Cc) 417, and a destination (Bcc ) 418, subject 419, remarks 420, and other data items related to warnings, and the log file 4 and log file 22 can store a plurality of log data portions 410.

  As will be described later, the log data unit 410 is stored in the log file 4 each time the mail transmission check unit 7 or the mail reference check unit 8 displays a warning to the operator of the client 1. Further, the log header part 400 and the log data part 410 stored in the log file 4 are transmitted to the policy server 16 by the add-in activation check unit 6 or the timer monitoring unit 9 and stored in the log file 22 by the log recording unit 19. .

  In the user name 401, the login name of the operator to the system such as the OS is stored as “UserName: hitachi”, for example.

  In the machine name 402, the machine name used by the operator is stored as “MachineName: testPC”, for example.

  The e-mail address 403 stores the e-mail address set by the operator as Default, for example, “MailAddress: test1@hitachisoft.com”.

  The domain name 404 stores the domain name to which the machine name 402 belongs, for example, “DomainName: Domain”.

  The application version 405 stores the program version used by the machine name 402, for example, “Version: 1.0.0.0”.

In the policy version 406, the version of the policy applied to the operator of the client 1 by the mail check means 7 or the mail reference check means 8 is stored as “PolicyVersion: PolicyDefine_20070331”, for example.

  In the warning date and time 411, the date and time when the mail transmission check unit 7 or the mail reference check unit 8 displays a warning is stored as “[Date] 2007/03/31 15:20:43”, for example.

  The operation 412 stores information indicating whether the operator of the client 1 has continued or canceled the operation after displaying a warning on the display device 13 of the client 1. For example, when the operation is canceled, it is stored as “[Operation] Cancel”.

  In the warning category 413, which means such as the mail transmission check means 7 or the mail reference check means 8 has displayed the warning is stored as, for example, “[Type] Send” in the case of transmission.

  The warning 414 stores information for indicating which error has occurred, such as a domain check or an attached file presence / absence check, which the mail check means 7 or the mail reference check means 8 warned the operator of the client 1 with. Is done. For example, if an error occurs in the attachment file presence check and the user definition check defined by the second user policy definition unit 350, “[Warning] AttachedFile / UserDefine2” is stored.

  If the sender (From) 415 is warned in the check of the mail check means 7 or the mail reference check means 8, the sender address of the email is, for example, “[From] test1@hitachisoft.com” Remembered.

  For the sender (To) 416, the e-mail destination address (To) in the case of warning in the check of the mail check means 7 or the mail reference check means 8 is, for example, “[To] atesaki1@test.com”. Is remembered. At that time, if there are a plurality of destination addresses (To), all of them are stored in “/” delimiters.

  For the sender (Cc) 417, the e-mail destination address (Cc) when the e-mail check means 7 or the e-mail reference check means 8 is warned is, for example, “[Cc] atesaki2@test.com” Is remembered. At this time, if there are a plurality of destination addresses (Cc), all of them are stored in “/” delimiters.

  For the sender (Bcc) 418, the e-mail destination address (Bcc) in the case of warning in the check of the mail check means 7 or the mail reference check means 8 is, for example, “[Bcc] atesaki3@test.com” Is remembered. At this time, if there are a plurality of destination addresses (Bcc), all of them are stored in “/” delimiters.

  In the subject 419, the title of the e-mail in which the error has occurred is stored, for example, “[Title] transmission test”.

  The remark 420 stores a keyword 315 included in the body of the e-mail when an error occurs in a keyword check or the like. If more than one are included, all are stored in “/” delimiters.

  Above, description of the system configuration example etc. which concern on this Embodiment is complete | finished, and below, operation | movement of the filtering means which concerns on this Embodiment is demonstrated, referring a flowchart.

  FIG. 8 is a flowchart showing the operation flow of the add-in activation check means 6. The description will be made with reference to other drawings as appropriate. When the operator of the client 1 operates the input device 12 to activate the mail transmission / reception means 5, the mail transmission / reception means 5 activates the add-in activation check means 6 (S800).

  The add-in activation check means 6 checks whether the operating environment (the version of the mail transmission / reception means 5 and the presence / absence of a runtime system necessary for processing) provided in the client 1 satisfies the conditions for the filtering means to perform the processing. (S801). If the condition is satisfied, the process is continued (OK: to S802). If not satisfied, a predetermined error message is displayed on the display device 13 and the process is terminated (NG: to S808).

  Next, the add-in activation check unit 6 reads the policy server definition file 2 (S802).

  Next, the add-in activation check unit 6 transmits a policy file update date / time notification request to the policy server 16 indicated by the policy setting file storage location 201. Then, the update date / time notified from the policy server 16 is compared with the update date / time of the policy setting file 3. As a result of the comparison, if the notified update date / time is newer, the policy server 16 transmits a policy file transmission request to the policy server 16 and receives the contents stored in the policy setting file 21 from the policy server 16. The policy setting file 3 stored in 1 is deleted, and the policy setting file 3 is newly stored with the contents stored in the received policy setting file 21 (S803). With this processing, the policy setting file 3 in the latest state can be stored in the storage device 11 of the client 1. If the update date and time of the policy setting file 3 is newer or the same, or if the policy file transmission request fails due to a communication error or the like, the above processing is not performed.

  Next, the add-in activation check unit 6 reads the policy setting file 3 and stores the stored contents in the main storage device of the client 1 (S804). The add-in activation check means 6, mail transmission check means 7, mail reference check means 8 and timer monitoring means 9 are stored in the policy setting file 3 or policy setting file 21 stored in the main storage device of the client 1 as described above. Process by referring to the data item.

  Next, when the log-in file 4 exists and one or more log records 400 are stored, the add-in activation check unit 6 transmits all stored log data to the policy server 16, and stores the log file 4. It is deleted (S805). The log data transmitted to the policy server 16 is stored in the log file 22 by the log recording means 19.

  Next, the add-in activation check means 6 activates the mail transmission check means 7 and the mail reference check means 8. The activated mail transmission check means 7 and mail reference check means 8 are in an event waiting state. If a value other than “0 (zero)” is stored in the setting file update interval 327, the timer value is set to the timer value of the setting file update interval 327 and the timer monitoring unit 9 is activated. The timer value is subtracted with the passage of time, and when the timer value becomes “0 (zero)”, an event to notify that is generated. The activated timer monitoring means 9 continues to wait for this event to occur (S806). Next, an event wait state (end: S807) is entered.

  FIG. 9A and FIG. 9B are flowcharts showing the operation flow of the mail transmission check means 7.

  When the mail transmission check means 7 is activated, it continues to wait for an e-mail transmission event to occur. When the operator of the client 1 instructs the mail transmission / reception means 5 to send an email using the input device 12, the mail transmission / reception means 5 generates an email transmission event (S900), and the mail transmission check means 7 The following processing is performed according to the notification.

  First, the mail transmission check means 7 checks whether the destination address of the e-mail corresponds to the domain check policy (S901). Specifically, when the transmission source address of the transmission target email is stored in the email address 351 of the user definition unit 350 and “True” is stored in the domain check flag 356, the transmission target email Whether the destination address (To, Cc and Bcc) includes a domain name other than the domain stored in the domain (transmission) 307 of the application definition unit 300. When the transmission source address of the transmission target electronic mail is not stored in the mail address 351 of the user definition unit 350, the domain check flag (transmission) 305 of the application definition unit 300 is referred to and “True” is stored. In this case, it is checked whether or not the transmission destination address (To, Cc and Bcc) of the transmission target email includes a domain name other than the domain stored in the domain (transmission) 307 of the application definition unit 300. .

  In the above check, if the destination address (To, Cc, Bcc) includes a domain other than the domain stored in the domain (transmission) 307, a domain check error is determined (S902).

  Further, when there is no error in the domain check (S901) and the account check flag 309 of the user definition unit 300 is “True”, the transmission destination address (To, Cc and Bcc) of the transmission target electronic mail Checks whether the account 310 of the application definition unit 300 is included (S913).

  In the above check processing, if the account stored in the account 310 is included in the destination address (To, Cc, Bcc), an account check error is determined (S914).

  Next, the mail transmission check means 7 checks whether or not the e-mail corresponds to the attached file policy (S903). Specifically, when the transmission source address of the transmission target email is stored in the mail address 351 of the user definition unit 350 and “True” is stored in the attached file presence / absence check flag 353, the transmission target Check if the attachment exists in the email. If the transmission source address of the transmission target email is not stored in the email address 351 of the user definition unit 350, the attached file presence / absence check flag 301 of the application definition unit 300 is further referred to and “True” is stored. If there is an attached file, it is checked whether there is an attached file in the e-mail to be sent.

  In the above check processing, if an attached file exists in the transmission target e-mail, an attachment file existence check error is determined. (S904).

  Next, the mail transmission check means 7 stores “True” in the user definition check flag 312, and the transmission source address of the transmission target email is stored in the mail address 351 of the user definition unit 350. In this case, the following processing (S906, S907) is performed as many as the number of user policy definition units 340 (S905).

  When “True” is stored in the i-th user definition flag 312 (i is greater than or equal to 1 and less than or equal to the number of the user policy definition unit 340), the i-th user definition item number 341 is stored. Refer to the number you have. Then, the user definition item 352 indicated by the number is referred to (hereinafter referred to as “check target user definition item 1”). In addition, the numbers stored in the i-th user-defined item number 341 for all of the destination addresses (To, Cc, and Bcc) of the transmission target electronic mail that are stored in the mail address 351 of the user definition unit 350 The user definition item 352 indicated by the number is referred to (hereinafter referred to as “check target user definition item 2”).

  Next, the check method stored in the i-th user-defined condition 342 is referred to. When “1” is stored, an error occurs when the check target user definition item 1 and the check target user definition item 2 are the same, and when “2” is stored, the check target user definition If item 1 and check target user-defined item 2 are different, an error is determined (S906). If an error is detected in the above check, a user-defined policy error is determined (S907).

  Next, as shown in FIG. 9B, when “True” is stored in the other function cooperation flag 333, the mail transmission check unit 7 performs a process of linking the email to be transmitted and the external function (S915). . The following processing (S917, S918) is performed for the number of other function cooperation flags stored (S916).

  When “True” is stored in the i-th function linkage flag 333 (i is a number equal to or greater than the number of the other-function linkage flag 333) (i.e., i is 1 or more), the i-th linkage is made with the corresponding external function (S917). ).

  For example, in the case of the Rights-related function, it is possible to assign a security policy or the like to the transmission target e-mail body or attached file, thereby enabling more reliable e-mail exchange.

  If an error occurs in the above cooperation with the external function, it is determined as another function cooperation error (S918).

  Next, the mail transmission check means 7 determines whether any of a domain check error, an account check error, an attached file presence / absence check error, a user definition policy error, or another function linkage error has occurred (S908).

  When an error has occurred (YES in S908), a warning message is displayed on the display device 13 of the client 1, and a response request message for sending an e-mail or canceling the e-mail transmission is displayed. indicate. The warning message includes a domain warning (send) message 308 when a domain check error occurs, an account warning message 311 when an account check error occurs, and an error when a user-defined policy error occurs. When a user definition message 343 of the user policy definition unit 340, or another function cooperation error occurs, a message stored in the other function cooperation warning message 334 is displayed. If an attachment file existence check error occurs and “True” is stored in the other function linkage flag 333 that requires password input, a password input field and a password hint input field are displayed together with the attached file warning message 303. To do. When the other function linkage flag 333 requiring password input is “False”, the password input field and the password hint input field are not displayed. When multiple errors have occurred, a warning is displayed for all errors. If a message is stored in the domain warning message (transmission) 308 or the like corresponding to a language such as Japanese or English, it is installed in the client 1 using the function of the mail transmission / reception means 5 or basic software. The corresponding language of the mail software or the like is determined, and a message in an appropriate language is selected and displayed (S909).

  Next, the mail transmission check means 7 indicates that the operator of the client 1 uses the input device 12 to input that the e-mail is to be transmitted (for example, “OK”) or to cancel the e-mail transmission. If the other function linkage flag 333 that requires input (for example, “cancel”) and password input is “True”, it waits until the password and password hint are input.

  When the input is received, the transmission source address of the transmission target electronic mail is stored in the mail address 351 of the user definition unit 350 and “True” is stored in the log file acquisition flag 361. It is determined that acquisition is necessary. When the transmission source address of the e-mail to be transmitted is not stored in the mail address 351 of the user definition unit 350, the log file acquisition flag 325 of the application definition unit 300 is further referred to, and “True” is stored Is determined to require log file acquisition. In the above, when it is determined that log file acquisition is necessary, a log record is created and stored in the log file 4.

  Further, when the transmission source address of the e-mail to be transmitted is stored in the mail address 351 of the user definition unit 350 and “True” is stored in the log mail transmission flag 360, the log mail transmission is required. judge. When the transmission source address of the transmission target electronic mail is not stored in the mail address 351 of the user definition unit 350, the log mail transmission flag 322 of the application definition unit 300 is further referred to, and “True” is stored Is determined to require log mail transmission. As described above, when it is determined that log mail transmission is necessary, a log record is created and transmitted to the log transmission mail address 323 by e-mail. At this time, the title stored in the transmission mail title 324 is used as an e-mail title. In addition, when a title is stored in the outgoing mail title 324 corresponding to languages such as Japanese and English, the mail software installed in the client 1 using the mail transmission / reception means 5 and the functions of the basic software is used. Etc., and select a title in an appropriate language. Furthermore, if the other function linkage flag 333 requiring password input is “True” and an error is detected in the attached file, a password hint mail is created and transmitted to the destination of the transmission target e-mail (S910).

  Here, the contents of both the data stored in the log file 4 and the log data transmitted by e-mail are stored. The system administrator determines what kind of error has occurred in the e-mail that the operator of the client 1 tried to send, and whether the operator continued to send e-mail despite the occurrence of the error, or e-mail transmission You can know if you stopped.

  The email transmission check means 7 does not generate any domain check error, account check error, attachment presence / absence check error, user-defined policy error, or other function linkage error (NO in S908) or an error occurs. However, when the input device 12 receives an input indicating that an e-mail is to be transmitted (if YES in S908), the e-mail to be checked is transmitted. When receiving a response from the input device 12 to cancel the transmission of the electronic mail, the transmission of the electronic mail is stopped. (S911).

  When the above processing is completed, the mail transmission check means 7 continues to wait for an e-mail transmission event to occur again (S912).

  FIG. 10 is a flowchart showing the operation of the mail reference check means 8. First, when the mail reference check means 8 is activated, it continues to wait for an electronic mail reference event to occur. When the operator of the client 1 tries to refer to the email transmission / reception means 5 using the input device 12, the mail transmission / reception means 5 generates an email reference event (S 1000), and the mail reference check means 8. Performs the following processing in response to the event notification.

  First, the mail reference checking means 8 inquires of the mail transmitting / receiving means 5 whether the target e-mail in which the e-mail reference event has occurred (hereinafter referred to as “check target e-mail”) is unread or read. If the e-mail has not been read, the processing from S1002 to S1004 is performed, and if it has been read, the processing of S1008 is performed (S1001).

  Next, the mail reference check means 8 performs a mail reference check (S1002). Specifically, the mail reference check unit 8 acquires the email address (hereinafter referred to as “check target email address”) of the operator who performed the reference operation of the check target email from the mail transmission / reception unit 5 and checks it. It is determined whether the target electronic mail address is stored in the mail address 351 of the user definition unit 350. When the check target email address is stored in the email address 351 of the user definition unit 350 and “True” is stored in the keyword check flag 362 and the domain check flag (reference) 365 of the user definition unit 350 Check it out. Further, even if it is not stored in the mail address 351, it is necessary to check if “True” is stored in the keyword check flag 313 and the domain check flag (reference) 318 of the application definition unit 300. When the keyword check is required, the keyword stored in the keyword 315 of the application definition unit 300 is searched for the text, subject, and attached file name of the check target email. If any of the text, subject, and attached file name includes at least one keyword, a keyword check error is determined.

  At this time, if a keyword is stored in the keyword 315 in correspondence with a language such as Japanese or English, the mail software installed in the client 1 using the function of the mail transmitting / receiving means 5 or the basic software. Etc., and search by selecting a keyword in an appropriate language.

Next, the mail reference checking means 8 checks whether or not the transmission source address of the check target electronic mail corresponds to the domain check (S1003). Specifically, the check is performed when the sender address of the check target email is stored in the email address 351 of the user definition unit 350 and “True” is stored in the domain check flag (reference) 365. It is checked whether or not the transmission source address of the target electronic mail includes a domain name other than the domain stored in the domain (reference) 320 of the application definition unit 300. When the transmission source address of the check target email is not stored in the mail address 351 of the user definition unit 350, the domain check flag (reference) 318 of the application definition unit 300 is further referred to and “True” is stored. If the source address of the check target e-mail includes a domain name other than the domain stored in the domain (reference) 320 of the application definition unit 300, it is checked. In the above check, if a domain name other than the domain stored in the domain (reference) 320 is included in the transmission source address of the check target email, a domain check error is assumed. (S1003)
When a keyword check error or a domain check error occurs in the above check (YES in S1004), the mail reference check means 8 displays a warning message on the display device 13 of the client 1 and refers to an e-mail. A response request message (for example, “It contains a keyword that violates policy. Do you want to preview or open?”) Is displayed. As a warning message, a keyword warning message 316 is displayed for a keyword check error, and a domain warning message (reference) 321 is displayed for a domain check error. If multiple errors have occurred, a warning is displayed for all errors. If the domain warning message (reference) 321 or the like stores a message corresponding to a language such as Japanese or English, it is installed in the client 1 using the mail transmission / reception means 5 or the function of the basic software. The corresponding language of the mail software or the like that is being used is determined, and a message in an appropriate language is selected and displayed (S1005).

  The mail reference check means 8 uses the input device 12 by the operator of the client 1 to input that the operation is continued (for example, “OK”) or a response that the operation is stopped (for example, “cancel”). Wait until you do.

  Upon receiving the input, if the check target e-mail address is stored in the e-mail address 351 of the user definition unit 350 and “True” is stored in the log file acquisition flag 361, the log file acquisition request is required. Is determined. When the transmission source address of the e-mail to be transmitted is not stored in the mail address 351 of the user definition unit 350, the log file acquisition flag 325 of the application definition unit 300 is further referred to, and “True” is stored Is determined to require log file acquisition. In the above, when it is determined that log file acquisition is necessary, a log record is created and stored in the log file 4.

  Further, when the check target e-mail address is stored in the mail address 351 of the user definition unit 350 and “True” is stored in the log mail transmission flag 360, it is determined that log mail transmission is necessary. When the transmission source address of the transmission target electronic mail is not stored in the mail address 351 of the user definition unit 350, the log mail transmission flag 322 of the application definition unit 300 is further referred to, and “True” is stored Is determined to require log mail transmission. As described above, when it is determined that log mail transmission is necessary, a log record is created and transmitted to the log transmission mail address 323 by e-mail. At this time, the title stored in the transmission mail title 324 is used as an e-mail title. In addition, when a title is stored in the outgoing mail title 324 corresponding to languages such as Japanese and English, the mail software installed in the client 1 using the mail transmission / reception means 5 and the functions of the basic software is used. And the like, and a title in an appropriate language is selected (S1006).

  Here, the contents of both the data stored in the log file 4 and the log data transmitted by e-mail are stored. The system administrator determines what kind of error has occurred in the e-mail that the operator of the client 1 tried to send, and whether the operator continued to send e-mail despite the occurrence of the error, or e-mail transmission You can know if you stopped.

  The mail reference check unit 8 continues the operation from the input device 12 when neither a keyword check error nor a domain check error has occurred (NO in S1004) or an error has occurred (YES in S1004). If a response to that effect is received, reference to the e-mail is permitted (S1008). As a result, the check target electronic mail is referred to. If a response to stop the operation is received from the input device 12, the reference is canceled (S1009). As a result, the check target e-mail is not referred to.

  When the above processing is completed, the mail reference check unit 8 continues to wait for an e-mail reference event to occur again (S1010).

  FIG. 11 is a flowchart showing the operation of the timer monitoring means 9.

When the timer monitoring means 9 is activated, it continues to wait for a timer event to occur. When an event occurs (S1100), the timer monitoring unit 9 performs the following processing in response to the event notification.

  First, the timer monitoring unit 9 determines whether or not the policy setting file 21 to be updated exists (S1101).

  Specifically, a policy file update date / time notification request is transmitted to the policy server 16 indicated by the policy setting file storage location 201. Then, the update date / time notified from the policy server 16 is compared with the update date / time of the policy setting file 3. As a result of the comparison, if the transmitted update date is newer, it is determined that the policy setting file 21 to be updated exists (S1101).

  When it is determined that the policy setting file 21 to be updated exists (YES in S1101), a policy file transmission request is transmitted to the policy server 16 and the contents stored in the policy setting file 21 are acquired (S1102). . If the update date / time of the policy setting file 3 is newer or the update date / time is the same (in the case of NO in S1101), or not shown in FIG. If the request fails, the processing from S1106 is performed.

  After obtaining the contents stored in the policy setting file 21, the timer monitoring unit 9 inputs a message to update the policy setting file 3 to the display device 13 and “OK” from the input device 12. A prompt message is displayed (S1103).

  After the message is displayed, the timer monitoring unit 9 continues to wait until the operator of the client 1 operates the input device 12 and inputs “OK” (S1104). Although only “OK” can be input, the reason for displaying the message to update the policy setting file 3 and waiting for the input is that when the policy setting file 3 is updated, the mail transmission check means 7 and This is because the check result of the mail reference check means 8 may change, so that the check contents can be prevented from changing without the operator being aware of it, and the response can be lowered while the policy setting file 3 is being updated. . That is, the policy setting file 3 is not updated until the operator inputs “OK”. Therefore, after an urgent operation (for example, sending an e-mail that must be sent urgently) is finished, “ It is also possible to input “OK”.

  When the operator of the client 1 operates the input device 12 and inputs “OK”, the timer monitoring unit 9 stores the contents stored in the policy setting file 21 received from the policy server 16 in the main storage device of the client 1. expand. That is, the contents of the policy setting file 3 or the policy setting file 21 stored in the main storage device are stored again. Further, the policy setting file 3 stored in the client 1 is deleted, and the policy setting file 3 is newly stored with the contents stored in the received policy setting file 21 (S1105).

  Next, when the log file 4 exists and one or more log records are stored, the timer monitoring unit 9 transmits all the stored log records to the policy server 16 and deletes the log file 4. (S1106). The log record transmitted to the policy server 16 is stored in the log file 22 by the log recording means 19.

  Next, when a value other than “0 (zero)” is stored in the setting file update interval 314, the timer monitoring unit 9 sets the stored content of the setting file update interval 314 as a timer value (S1107) and ends the process. To do.

  The timer value is subtracted over time, and when the timer value becomes “0 (zero)”, a timer event occurs. The timer monitoring means 9 continues to wait for a timer event to occur again (S1108).

  As described above, according to the present embodiment, a predetermined check is performed at the time of sending and referring to an e-mail, and when a predetermined condition is met, a message to that effect is displayed and confirmation is made to the operator. Or by automatically linking with external functions to alert the operator to incorrect operations, warn them to prevent intentional inappropriate operations, and It is possible to prevent inappropriate operation.

  Furthermore, when a message is displayed, it is possible to leave a trail regarding the user's operation by storing a history to that effect and information about an operation performed by the operator after the message is displayed.

  Further, the present invention includes a method including the processing steps shown above, a program for causing a computer to execute these steps, and a computer-readable recording medium for recording the program.

  INDUSTRIAL APPLICABILITY The present invention can be used for an electronic mail filtering device and a device including the same.

Claims (7)

A device comprising a mail transmitting / receiving means for transmitting / receiving e-mail, a filtering means for filtering e-mail, a display device, and an input device,
The filtering means determines whether or not the electronic mail transmitted by the mail transmitting / receiving means can be transmitted, and when it is determined that transmission is not possible, displays a predetermined message on the display on the display device, and continues the operation from the input device If a confirmation check response for acceptability of the input is input, whether to transmit from the mail transmission / reception means based on the response, or forcible transmission rejection not based on the response is determined,
Means for determining whether or not to send the contents of the response to a predetermined mail address; and means for performing processing to send the contents of the response to the predetermined mail address if it is determined to be transmitted. And
A log file that allows transmission / reception operation even when the predetermined message is displayed when it is determined that transmission is impossible, and includes the predetermined message and a transmission destination regardless of whether or not the transmission operation is performed. A device characterized by memorizing.   Means for determining whether or not to store the response content in a storage device provided inside or outside the device, and processing for storing the response content in the storage device if it is determined to be recorded The apparatus according to claim 1, further comprising: means.   The apparatus according to claim 1 or 2, wherein the filtering means automatically secures the text of an electronic mail and an attached file in cooperation with a security function for the electronic mail transmitted by the mail transmitting / receiving means. .   Whether the filtering means corresponds to whether the e-mail transmitted by the mail transmitting / receiving means corresponds to a domain check policy, an account check policy, or an attachment policy The device according to any one of claims 1 to 3, wherein the determination is based on whether or not a user-defined policy is satisfied.   The filtering means determines whether or not the cooperation with the external device has ended normally, and if the link does not end normally, displays a predetermined message regarding the determination on the display device, from the input device When a confirmation check response as to whether or not to continue the operation is input, it is determined whether to transmit based on the response or to forcibly reject transmission not based on the response. The device according to 3 or 4.   The device according to claim 1, wherein the content of the response is transmitted in pairs with the predetermined message.   The device according to claim 2, wherein the content of the response is stored in the storage device in a pair with the predetermined message.

Images