JP2013003914A - Information processor, its control method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce troublesome work related to setting a change in rules for determining whether an E-mail is to be a monitoring target for a manager who manages the rules.SOLUTION: Monitoring target determination rules for determining whether an E-mail transmitted from a transmission terminal is to be a monitoring target and change conditions which are conditions for changing the monitoring target determination rules are stored in a memory device. It is determined whether an E-mail transmitted from the transmission terminal matches the stored change conditions, and when determining that it matches the conditions, the monitoring target determination rules are changed. Then, according to the changed monitoring target determination rules, it is determined whether the E-mail transmitted from the transmission terminal is to be an E-mail of monitoring target.

Description

  The present invention relates to an information processing apparatus, a control method therefor, and a program, and more particularly to a technique for changing a rule for determining whether an electronic mail is to be audited.

  In recent years, leakage of personal information and confidential information has been affecting corporate trust. Information leakage may occur due to unauthorized access from the outside, but most are caused by carelessness of people inside the company, and information leakage is caused by inadvertent transmission of files using e-mail, etc. I sometimes get up. Since the Personal Information Protection Law was enforced in 2005, it has become an urgent task for companies to take measures against information leakage.

  Therefore, when an e-mail is sent from an internal network to an external network, measures against information leakage are introduced, such as by introducing an e-mail audit system that decides whether or not to permit delivery according to the content of the e-mail. I have taken.

  In Patent Literature 1, an e-mail monitoring server that monitors e-mails determines whether or not an e-mail transmitted from an information processing device matches a filtering rule condition, and whether or not the e-mail can be transmitted. Describes whether to defer transmission.

  The electronic mail whose transmission is suspended is audited by an auditor, and it is described that whether or not to transmit the electronic mail is determined according to the result of the audit.

  Thus, conventionally, for example, transmission of an e-mail containing information to be audited by an auditor (administrator) is suspended according to the conditions of the filtering rule, and according to the audit result by the auditor, the electronic mail is suspended. It is determined whether to send an e-mail.

JP 2010-102592 A

  However, conventionally, as information to be audited by an auditor, for example, a filtering rule is set so that transmission of an e-mail including a new product name that has not been disclosed is suspended and the e-mail is subject to auditing. The administrator who changes the setting of the conditions set in (1) sets the new product name to the conditions set in the filtering rule. When the new product is released, the new product name becomes information that does not need to be audited by the auditor, so that emails containing the new product name are not subject to audit. An operation such as excluding the new product name from the conditions defined in the filtering rule must be performed.

  In this way, conventionally, the administrator has changed the information included in the email from information that should be audited by the auditor to information that does not need to be audited, or information that does not need to be audited. Therefore, when changing to information to be audited, the conditions defined in the filtering rule must be maintained, which is very complicated.

  In addition, if the administrator makes such mistakes, emails that should be audited are sent without being audited, or emails that do not need to be audited are mistakenly audited and audited by the auditor. As a result, audits by auditors may not be performed properly.

For example, when a new product is released, an e-mail with a message to that effect is often delivered to the customer when the new product is released. If the system is not properly maintained, problems such as suspension of transmission of the e-mail as an audit target occur.
As described above, conventionally, the above-described problems may occur unless appropriate filtering rules are set.

  In addition, among the emails that have been suspended as audit targets according to the filtering rules before the change, the filtering rules have been changed for the emails that no longer need to be audited due to the change of the filtering rules. The e-mail is an audit target e-mail, and there is a risk that the e-mail may be audited even if the e-mail becomes unnecessary.

  In addition, emails that do not need to be audited due to changes to filtering rules have been suspended for auditing, so emails are sent to the destination until the audit is performed by the auditor. Information may not be transmitted efficiently.

  Accordingly, an object of the present invention is to provide a mechanism for reducing the troublesome work related to the setting change of the rule by the administrator who manages the rule for determining whether the email is to be audited. is there.

  The present invention is an information processing apparatus capable of communicating with a transmission terminal that transmits an electronic mail and an administrator terminal used by an administrator who audits the electronic mail transmitted from the transmission terminal, the information processing apparatus being transmitted from the transmission terminal Acquisition means for acquiring e-mails to be audited, an audit target determination rule for determining whether the e-mail acquired by the acquisition means is to be audited, and a change that is a condition for changing the audit target determination rule In accordance with the storage means for storing the condition, the electronic mail acquired by the acquisition means, and the audit target determination rule stored in the storage means, the electronic mail is determined as the audit target electronic mail. A determination unit; a transmission unit configured to transmit the data of the email determined as the email to be audited by the determination unit to be displayed on the administrator terminal; and the acquisition A determination unit that determines whether the e-mail acquired by the step matches a change condition stored in the storage unit; and the e-mail acquired by the acquisition unit by the determination unit is stored in the storage unit A change unit that changes the audit target determination rule stored in the storage unit when it is determined that the stored change condition is satisfied, and the determination unit includes the electronic device acquired by the acquisition unit. According to the mail and the audit target determination rule changed by the changing means, it is determined whether the electronic mail is to be an audit target electronic mail.

  The present invention is also capable of communicating with a transmission terminal that transmits an electronic mail and an administrator terminal used by an administrator who audits the electronic mail transmitted from the transmission terminal, and the electronic mail transmitted from the transmission terminal A method for controlling an information processing apparatus comprising storage means for storing an audit object determination rule for determining whether or not an audit object is to be audited and a change condition that is a condition for changing the audit object determination rule The acquisition unit of the information processing apparatus acquires an e-mail transmitted from the transmission terminal, the determination unit of the information processing apparatus stores the e-mail acquired by the acquisition step, and the storage unit A determination step of determining whether the electronic mail is to be an audit target electronic mail according to a stored audit target determination rule, and the transmission means of the information processing apparatus includes the determination process The transmission step of transmitting the data of the email determined as the email to be audited in order to be displayed on the administrator terminal, and the determination unit of the information processing apparatus, the email acquired by the acquisition step, A determination step for determining whether the change condition stored in the storage unit is met, and the change unit of the information processing apparatus stores the e-mail acquired in the acquisition step in the determination step. A change step of changing the audit object decision rule stored in the storage means when it is determined that the change condition is met, wherein the decision step includes the e-mail acquired by the acquisition step And determining whether or not the e-mail is to be audited according to the audit target determination rule changed by the changing step

  The present invention is also capable of communicating with a transmission terminal that transmits an electronic mail and an administrator terminal used by an administrator who audits the electronic mail transmitted from the transmission terminal, and the electronic mail transmitted from the transmission terminal A program that can be read and executed by an information processing apparatus having a storage unit that stores an audit target determination rule for determining whether or not an audit target is to be audited and a change condition that is a condition for changing the audit target determination rule The information processing apparatus according to the acquisition means for acquiring an e-mail transmitted from the transmission terminal, the e-mail acquired by the acquisition means, and the audit target determination rule stored in the storage means Determining means for determining whether the e-mail is to be audited e-mail; and e-mail determined by the determining means as the e-mail to be audited Transmitting means for displaying data to be displayed on the administrator terminal, determination means for determining whether the e-mail acquired by the acquiring means matches a change condition stored in the storage means, A change that changes the audit target determination rule stored in the storage unit when the determination unit determines that the e-mail acquired by the acquisition unit matches the change condition stored in the storage unit And the determination unit determines whether the email is to be audited according to the email acquired by the acquisition unit and the audit target determination rule changed by the change unit. It is made to function as follows.

  ADVANTAGE OF THE INVENTION According to this invention, the complicated operation | work which concerns on the setting change of this rule by the administrator who manages the rule for determining whether an email is made into audit object can be reduced.

It is a figure which shows the structure of the information processing system which concerns on embodiment of this invention. It is a block diagram which shows the basic composition of the email monitoring server 101 shown in FIG. It is a sequence chart which shows operation | movement of the information processing system which concerns on this embodiment. It is a flowchart which shows the process for implement | achieving a filtering function and a filtering rule change function. It is a figure which shows an example of the filtering rule (transmission impossible condition (a) and transmission suspension condition (b)) memorize | stored in memory | storage parts, such as HDD204 of the email monitoring server 101. FIG. It is a figure which shows an example of the change conditions for changing a filtering rule. It is a figure which shows an example of an audit object mail table. It is a figure which shows an example of the filtering rule (transmission impossible condition or transmission suspension condition) changed in step S403. It is a figure which shows an example of the flowchart which shows the detailed process of step S404 and step S409 mentioned later. It is a flowchart which shows the auditing process of the email to be audited. It is a figure which shows an example of an audit object mail table. It is a figure which shows an example of an audit | inspection screen.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments to which the invention is applied will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a diagram showing a configuration of an information processing system according to an embodiment of the present invention.

  In FIG. 1, reference numeral 101 denotes an electronic mail monitoring server.

  The e-mail monitoring server 101 stores the e-mail storage process instructed to be transmitted from the local network 105 to the wide-area line 120, the transmission permission / rejection determination / holding determination process, the transmission permission / rejection determination, and the conditions for determining the hold.・ Has a function to change.

  The email monitoring server 101 is an application example of the information processing apparatus of the present invention.

  Reference numeral 102 denotes an electronic mail server. For example, the electronic mail server 102 transmits and receives mail between the information processing apparatus 104-1 and the information processing apparatus 104-2. The e-mail server 102 manages mail transmission / reception between the information processing apparatus 104-1 and an apparatus outside the local network 105 (the information processing apparatus 114 in the figure). As described above, the e-mail server 102 performs a process of transmitting mail to the transmission destination specified by the mail address. Since such a series of processes performed by the e-mail server 102 is well known, further explanation is omitted.

  Reference numeral 103 denotes an LDAP server that provides a directory service for managing corporate directory information, that is, corporate directory information such as a mail address of a user who uses a network and information on an organization. The directory service applicable to the present invention is not limited to LDAP, but may be other services. For example, it may be Active Directory, NDS (NetWare Directory Service), or the like. LDAP is an abbreviation for Lightweight Directory Access Protocol.

Reference numerals 104-1, 104-2, and 104-3 are information processing apparatuses, which are ordinary computers, and have an e-mail transmission / reception function. The information processing apparatuses 104-1, 104-2, and 104-3 also operate as Web service clients, and can transmit and receive WEB mail and the like using a browser.
Information processing apparatuses 104-1 and 104-2 are application examples of the transmission terminal of the present invention.

The administrator terminal 104-3 is a terminal used by an administrator (auditor), and is a terminal that audits an email whose transmission is suspended by the email monitoring server 101 and an audit of the transmitted email. . In the present embodiment, the administrator terminal 104-3 will be described as a terminal used by the administrator.
The administrator terminal 104-3 is an application example of the administrator terminal of the present invention.

  The information processing device 104-1, the information processing device 104-2, the administrator terminal 104-3, the email monitoring server 101, and the email server 102 are connected to each other via a local network 105 so that they can communicate with each other.

  An information processing apparatus 114 and an e-mail server 112 are connected to the local network 115. The information processing apparatus 114 and the e-mail server 112 are connected to each other via a local network 115 so that they can communicate with each other.

  Similar to the information processing apparatus 104, the information processing apparatus 114 is a normal computer and has an e-mail transmission / reception function. Further, like the information processing apparatus 104, the information processing apparatus 114 also operates as a Web service client, and can send and receive WEB mail and the like using a browser. The e-mail server 102 manages, for example, mail transmission / reception between the information processing apparatus 104-1 and the information processing apparatus 114. In this way, the e-mail server 112 performs a process of sending e-mail to the destination specified by the e-mail address. Since such a series of processing performed by the e-mail server 112 is well known, further explanation is omitted.

  FIG. 2 is a block diagram showing a basic configuration of the email monitoring server 101 shown in FIG. In FIG. 2, reference numeral 201 denotes a CPU that controls the entire email monitoring server 101 using programs and data stored in the RAM 202 and the ROM 203 and executes each process described below performed by the email monitoring server 101. .

  A RAM 202 includes an area for temporarily storing programs and data loaded from the HDD 204 and the recording medium drive 206, and data received via the network I / F (interface) 205, and the CPU 201 has various types of data. The work area used when executing the process is provided.

  A ROM 203 stores setting data, a boot program, and the like of the e-mail monitoring server 101.

  Reference numeral 204 denotes an HDD, which stores an OS (Operating System) and programs and data for causing the CPU 201 to execute each process described later performed by the e-mail monitoring server 101. Some or all of these programs and data are loaded into the RAM 202 in accordance with the control of the CPU 201, and the CPU 201 performs processing using this, whereby the e-mail monitoring server 101 executes each processing described below.

  204 includes a filtering rule (transmission disabling condition (FIG. 5 (a) or FIG. 8 (a)) or transmission suspension condition (FIG. 5 (b) or FIG. 8 (b))), change shown in FIG. Conditions (conditions for changing transmission disabled conditions (FIG. 6C, FIG. 6D)) and an audit target mail table (FIG. 7 or FIG. 11) are stored.

  The storage unit such as the HDD 204 is an application example of the storage unit and the audit target mail storage unit of the present invention.

  Reference numeral 205 denotes a network I / F for connecting the e-mail monitoring server 101 to the local network 105, and the e-mail monitoring server 101 can perform data communication with an external device via the network I / F 205. .

  Reference numeral 206 denotes a recording medium drive, which reads out programs and data recorded on a storage medium such as a CD-ROM, CD-R / RW, DVD-ROM, DVD-R / RW, and DVD-RAM and outputs them to the RAM 202. This reading operation is controlled by the CPU 201.

  A keyboard 207 can input various instructions to the CPU 201. A pointing device 208 such as a mouse can input various instructions to the CPU 201.

  Reference numeral 209 denotes a video I / F (interface) which functions as an I / F for supplying an image to be displayed on the display device 210 to the display device 210 as a signal.

  A display device 210 includes a CRT, a liquid crystal screen, and the like, and can display a processing result by the CPU 201 using an image, characters, or the like.

  Reference numeral 211 denotes a peripheral device I / F, which includes a USB port, an IEEE1394 port, and the like, and can be connected to the peripheral device via the peripheral device I / F 211. The connection form with the peripheral device may be wired or wireless. A bus 212 connects the above-described units.

  The electronic mail servers 102 and 112, the LDAP server 103, and the information processing apparatuses 104-1, 104-2, 104-3, and 114 shown in FIG. 1 have the same configuration.

  Next, a basic operation of the information processing system according to the present embodiment will be described with reference to FIG.

  FIG. 3 is a sequence chart showing the operation of the information processing system according to the present embodiment.

  Here, a case will be described in which information processing apparatus 104-1 instructs external information processing apparatus 114 to transmit an e-mail.

  First, when the information processing apparatus 104-1 transmits an e-mail (step S301), the e-mail server 102 that has acquired the e-mail transmits the e-mail to the e-mail monitoring server 101 (step S302).

  Then, when the e-mail monitoring server 101 acquires the e-mail, whether or not the e-mail matches a filtering rule (transmission disable condition or transmission hold condition shown in FIG. 5) stored in the e-mail monitoring server 101. The process which determines whether is performed (step S303). The determination process performed in step S303 corresponds to steps S901 and S904 shown in FIG. Detailed processing in step S303 will be described in detail later.

  FIG. 5 is a diagram illustrating an example of filtering rules (transmission disable condition (a) and transmission hold condition (b)) stored in a storage unit such as the HDD 204 of the e-mail monitoring server 101.

  Here, the case where the e-mail monitoring server 101 acquires an e-mail to be transmitted from the information processing apparatus 104-1 to the external information processing apparatus 114 is described. However, information transmitted from the external information processing apparatus 114 is described. The configuration may be such that the e-mail monitoring server 101 acquires e-mail addressed to the processing device 104-1. Of course, the configuration may be such that the e-mail monitoring server 101 acquires an e-mail transmitted from the information processing apparatus 104-1 to the information processing apparatus 104-2 and determines whether or not the filtering rule is met.

  Here, the transmission disabling condition (a) and the transmission hold condition (b) shown in FIG. 5 will be described.

  FIG. 5A is a diagram illustrating an example of a transmission disabling condition that is a filtering rule.

  FIG. 5A shows an example of condition 1, condition 2, condition 3, condition 4 and four transmission disabled conditions.

  The CPU 201 of the e-mail monitoring server 101 determines whether or not the received e-mail is an e-mail that meets any one of the four conditions. If they match, the CPU 201 of the email monitoring server 101 cancels (prohibits) the transmission of the email, and the transmission of the email is stopped (prohibited) to the information processing apparatus 104-1 that is the transmission source. Notification to that effect is made (step S304).

  The transmission disabling condition (FIG. 5A) includes items of “transmission disabling condition number”, “transmission source”, “destination”, “mail text”, and “attached data”.

The “transmission disabled condition number” is a number for identifying and specifying a transmission disabled condition (record). In the “transmission source”, the e-mail address of the e-mail transmission source and the domain of the transmission source are registered. In “destination”, an email address of a destination of an electronic mail and a domain of the destination are registered. In the “mail body”, a character string of the mail body of the electronic mail is registered. In the “attached data”, a character string of attached data such as an attached file attached to an e-mail is registered.

  In addition, “-” registered in the items of “transmission source”, “destination”, “mail text”, and “attached data” indicates that there is no condition.

  Next, each condition of the transmission disabling condition (a) shown in FIG.

  Condition 1: “@ example1.co.jp” (predetermined destination domain) is included in the e-mail address of the e-mail destination.

  Condition 2: A predetermined character string “New product: Product name 1” is included in the email body of the email, or “New product: Product name 1” is included in the attached data such as an attached file attached to the email. ”Is included.

  Condition 3: “fuji@example3.co.jp” (predetermined destination address) is included in the e-mail address of the e-mail, and a predetermined character string “development code name” is included in the e-mail body of the e-mail. A predetermined character string “development code name” is included in attached data such as an attached file included in an e-mail.

  Condition 4: The email address of the email is “ogata@example4.com” (predetermined sender address), and the email address of the email is “@ example2.co.jp” (predetermined Destination domain).

  Next, the transmission suspension condition shown in FIG.

  FIG. 5B is a diagram illustrating an example of a transmission suspension condition that is a filtering rule.

  The transmission suspension condition in FIG. 5B is an application example of the audit target determination rule of the present invention. That is, the transmission suspension condition in FIG. 5B is an audit target determination rule for determining whether the acquired electronic mail is an audit target.

  FIG. 5B shows an example of condition 6, condition 7, condition 8, condition 9, condition 10, and five transmission suspension conditions.

  The CPU 201 of the e-mail monitoring server 101 determines whether or not the acquired e-mail is an e-mail that matches any one of the five conditions. If it is determined that the e-mail matches, the e-mail is sent to the e-mail monitoring server 101. Hold without sending to destination. That is, the electronic mail is stored in a storage unit such as the HDD 204 or the RAM 202 of the electronic mail monitoring server 101. Specifically, the data of the electronic mail whose transmission is suspended is stored in the audit target mail table shown in FIG. The audit target mail table shown in FIG. 7 is stored in a storage unit such as the HDD 204 or the RAM 202 of the electronic mail monitoring server 101.

As described above, when the acquired email matches the transmission suspension condition, the CPU 201 of the email monitoring server 101 determines that the email is an email that needs to be audited by the administrator, and performs a preliminary audit on the administrator terminal. Is transmitted (step S306).
The transmission hold condition (FIG. 5B) includes items of “transmission hold condition number”, “transmission source”, “destination”, “mail text”, and “attached data”.

The “transmission hold condition number” is a number for identifying and specifying the transmission hold condition (record). In the “transmission source”, the e-mail address of the e-mail transmission source and the domain of the transmission source are registered. In “destination”, an email address of a destination of an electronic mail and a domain of the destination are registered. In the “mail body”, a character string of the mail body of the electronic mail is registered. In the “attached data”, a character string of attached data such as an attached file attached to an e-mail is registered.
In addition, “-” registered in the items of “transmission source”, “destination”, “mail text”, and “attached data” indicates that there is no condition.

  Next, each condition of the transmission suspension condition shown in FIG. 5B will be specifically described.

  Condition 6: The email address of the email sender is “ogata39@example4.com” (predetermined sender email address), and the email address of the email destination is “ogata@example3.co.jp” ( E-mail address of a predetermined destination).

  Condition 7: A predetermined character string “patent search” is included in the mail body of the e-mail, or a predetermined character string “patent search” is included in the attached data of the e-mail.

  Condition 8: The e-mail sender's mail address is “tanaka@example4.com” (predetermined sender mail address), and a predetermined character string “confidential” is included in the e-mail body of the e-mail. .

  Condition 9: “ebe@example3.com” (predetermined destination email address) is included in the email address of the email destination.

  Condition 10: The e-mail sender's mail address is “fukuoka@example4.com” (predetermined sender mail address), and a predetermined character string “confidential” is included in the mail body of the e-mail. .

  In addition, the CPU 201 of the email monitoring server 101 determines whether the email transmitted from the information processing apparatus 104-1 is in either the transmission disabling condition (FIG. 5A) or the transmission suspension condition (FIG. 5B). If it is determined that the condition is not met, the electronic mail is transmitted to the information processing apparatus 114 via the external network (wide area line) 120 to be relayed to the destination of the electronic mail (step S305).

  As described above, the CPU 201 of the e-mail monitoring server 101 transmits (relays) the e-mail to the destination set in the e-mail according to the acquired e-mail data, the transmission disabled condition, and the transmission hold condition. Or, it is determined whether transmission is suspended without transmission (relay) or transmission is stopped (prohibited) without transmission (relay).

  When the transmission of the e-mail is suspended, the CPU 201 of the e-mail monitoring server 101 causes the administrator to perform a preliminary audit (steps S306 to S309).

  Specifically, the CPU 201 of the email monitoring server 101 transmits an email audit request to the administrator terminal 104-3 (step S306).

  When the CPU 201 of the administrator terminal 104-3 receives the audit request, the CPU 201 displays on the display device 210 of the administrator terminal 104-3 that the audit request has been received.

  When the CPU 201 of the administrator terminal 104-3 receives from the administrator an instruction for requesting execution of an e-mail to be pre-audited (instruction to display a list screen of e-mails to be pre-audited), the CPU 201 Then, a request for executing an e-mail to be pre-audited (request to display a list screen of e-mails to be pre-audited) is transmitted to the e-mail monitoring server 101 (step S307).

  The CPU 201 of the e-mail monitoring server 101 that has received the e-mail list screen display request displays information for displaying a list display screen (hereinafter also referred to as a pre-audit screen) of e-mails whose transmission is suspended. The generated information is transmitted to the administrator terminal 104-3 (step S308).

  Next, the CPU 201 of the administrator terminal 104-3 displays a list display screen of e-mails to be pre-audited based on the information on the display device 210, and determines whether or not the displayed e-mail can be transmitted from the administrator. Accept. Then, the CPU 201 of the administrator terminal 104-3 transmits the result of the pre-audit received from the administrator (information indicating whether the e-mail can be transmitted or suspended) to the e-mail monitoring server 101 (step S309). ).

  The CPU 201 of the e-mail monitoring server 101 that has received the result of the preliminary audit stores the result in a storage unit such as the HDD 204 and performs processing according to the result (transmission control indicated by the content of the result of the preliminary audit). Execute.

  That is, if transmission of an email is permitted, the CPU 201 of the email monitoring server 101 transmits the email to the information processing apparatus 114 (step S305). On the other hand, if the transmission of the email is rejected (cancelled (prohibited)), the CPU 201 of the email monitoring server 101 stops the transmission of the email and notifies the information processing apparatus 104-1 to that effect (step) S304). If the transmission of the e-mail is suspended, the CPU 201 of the e-mail monitoring server 101 stores the e-mail data in the HDD 204 or the like of the e-mail monitoring server 101 in order to use the e-mail data as the pre-audit e-mail. Stored in the audit target mail table (FIG. 7) stored in the section.

  As described above, in this embodiment, it is determined whether to transmit (relay) an e-mail according to the transmission disabling condition and the transmission suspension condition, or the audit result by the administrator in the preliminary audit.

  In step S303 described above, it is determined whether to permit transmission (relay) of the e-mail and whether to defer transmission of the e-mail using the filtering rule shown in FIG. It is necessary to audit whether such a determination was appropriate.

For example, it is necessary to audit (recognize) after the determination whether it was an e-mail that can be sent (relayed) or an e-mail that should be stopped. .
The outline of the post-audit will be described below using steps S310 to S312 shown in FIG.

  The CPU 201 of the administrator terminal 104-3 transmits a request for performing post-audit to the electronic mail monitoring server 101 (step S310). The CPU 201 of the e-mail monitoring server 101 that has received the request generates information for displaying a list display screen including a list of e-mail data to be post-audit, and the generated information is sent to the administrator terminal 104-. 3 (step S311).

  When the CPU 201 of the administrator terminal 104-3 receives the information, the CPU 201 displays a list display screen of e-mails to be audited based on the information, and receives the evaluation of the displayed e-mail from the administrator. Here, as an evaluation result received from the administrator, for example, “transmission allowed / transmission rejected / check required / neither” can be cited. Then, the CPU 201 of the administrator terminal 104-3 transmits the evaluation result of the email received from the administrator to the email monitoring server 101 (step S312).

  The CPU 201 of the e-mail monitoring server 101 that has received the e-mail evaluation result stores the evaluation result in a storage unit such as the HDD 204 in association with the e-mail.

  Next, the e-mail monitoring server 101 receives the e-mail transmitted from the information processing apparatus 104-1, and the e-mail is stored in the e-mail monitoring server 101 (filtering disable condition or transmission hold condition). ) And a filtering rule changing function for changing the contents of the filtering rule according to data included in the e-mail will be described with reference to FIG.

  FIG. 4 is a flowchart showing a process for realizing the filtering function and the filtering rule changing function.

  The processing from step S401 to step S410 shown in FIG. 4 is implemented by the CPU 201 of the email monitoring server 101 being executed.

  Also, the processing in steps S411 and S412 shown in FIG. 4 is implemented by the CPU 201 of the administrator terminal 104-3 being executed.

  First, the e-mail monitoring server 101 acquires the e-mail transmitted from the information processing apparatus 104-1 (acquisition means) (step S401).

  Then, the e-mail monitoring server 101 indicates that the content of the data included in the e-mail acquired in step S401 is the change condition shown in FIG. 6 (change condition of the transmission disable condition (FIG. 6C)), change of the transmission hold condition. It is determined whether or not the condition (FIG. 6D) is met (determination means) (step S402).

  FIG. 6 is a diagram illustrating an example of a change condition for changing the filtering rule.

  FIG. 6C shows a change condition for changing the transmission disabling condition (FIG. 5A), and FIG. 6D shows the transmission hold condition (FIG. 5B) (determining the audit target). The change condition for changing (rule) is shown.

  The transmission disable condition changing conditions (FIG. 6C) are “transmission disable condition number to be deleted”, “sender”, “destination”, “mail body / attached data 1”, “mail body / attached data 2”. It consists of items.

  In the “transmission disabled condition number to be deleted”, the transmission disabled condition number of the transmission disabled condition to be deleted is registered.

  In addition, the “transmission source”, “destination”, and “mail body / attached data 1” in the transmission disabling condition changing condition (FIG. 6C) are shown in the transmission disabling condition (a) shown in FIG. Common to the “transmission source”, “destination”, “mail body”, and “attached data” of the transmission disabled conditions.

That is, in “transmission source”, a mail address of a transmission source of an electronic mail and a domain of the transmission source are registered. In “destination”, an email address of a destination of an electronic mail and a domain of the destination are registered. Also, in “Mail body / attached data 1”, a character string of the mail body of the e-mail or a character string of attached data such as an attached file attached to the e-mail is registered.
Further, “-” registered in the items of “transmission source”, “destination”, and “mail text / attached data 1” indicates that there is no condition for the item.

  “Mail text / attached data 2” is information used as a key for deleting the transmission disabling condition registered in the items “sender”, “destination”, and “mail text / attached data 1”. Specifically, the character string of the mail body of the e-mail or the character string of the attached data such as an attached file attached to the e-mail is registered.

  In the example of FIG. 6C, it is indicated that the change condition is that “new product: product name 1” and “released” are included in the email body or attached data of the email. .

  The fact that “New product: Product name 1” is included in the e-mail body of the e-mail or attached data is a common condition that is also used in the transmission disabling condition (condition 2). The key is used to delete the transmission disabled condition (condition 2) used in common.

  Next, the transmission hold condition changing condition (FIG. 6D) will be described.

  The transmission hold condition changing conditions (FIG. 6D) are “transmission hold condition number to be deleted”, “sender”, “destination”, “mail body / attached data 1”, “mail body / attached data 2”. It consists of items.

  In “transmission hold condition number to be deleted”, the transmission hold condition number of the transmission hold condition to be deleted is registered.

  In addition, the “transmission source”, “destination”, and “mail text / attached data 1” in the transmission hold condition change condition (FIG. 6D) are shown in the transmission hold condition (b) shown in FIG. Common to the “transmission source”, “destination”, “mail body”, and “attached data” of the transmission suspension condition.

  That is, in “transmission source”, a mail address of a transmission source of an electronic mail and a domain of the transmission source are registered. In “destination”, an email address of a destination of an electronic mail and a domain of the destination are registered. Also, in “Mail body / attached data 1”, a character string of the mail body of the e-mail or a character string of attached data such as an attached file attached to the e-mail is registered.

  Further, “-” registered in the items of “transmission source”, “destination”, and “mail text / attached data 1” indicates that there is no condition for the item.

  “Mail text / attached data 2” is information used as a key for deleting the transmission suspension condition registered in the items “sender”, “destination”, and “mail text / attached data 1”. Specifically, the character string of the mail body of the e-mail or the character string of the attached data such as an attached file attached to the e-mail is registered.

  Next, an example of a transmission suspension condition changing condition in which “transmission suspension condition number to be deleted” is “condition 8” will be described with reference to FIG.

  Next, in the example of the change condition of “Condition 8”, the email address of the email sender is “tanaka@example4.com”, and the email body of the email or the attached file attached to the email That the attached keywords such as “confidential” and “no longer” are included in the transmission hold condition (record) of condition 8 of the transmission hold condition ((b) of FIG. 5). It is a condition for deletion.

  As described above, the email address of the email is “tanaka@example4.com”, and “confidential” is included in the email body of the email or the attached data such as the attached file attached to the email. This includes the transmission suspension condition of condition 8 of the transmission suspension condition (FIG. 5B) (matches the transmission suspension condition (record) of condition 8). That is, the transmission suspension condition changing condition (FIG. 6D) includes the transmission suspension condition of condition 8 of the transmission suspension condition (FIG. 5B) as a common condition.

  That is, the fact that the predetermined keyword “no longer” is included in the email body of the email or the attached data such as an attached file attached to the email means that the commonly used transmission This is a key for deleting the hold condition (condition 8).

  Returning to the description of FIG.

  The e-mail monitoring server 101 changes the data included in the e-mail acquired in step S401 to change the filtering rule stored in the storage unit of the e-mail monitoring server 101 (change condition of transmission disabled condition ( 6C), it is determined whether or not the transmission hold condition changing condition (FIG. 6D) is met (step S402).

  Then, the data included in the e-mail acquired in step S401 is a change condition for changing the filtering rule stored in the storage unit of the e-mail monitoring server 101 (change condition for the transmission disabled condition (FIG. 6C). ), Or the transmission suspension condition change condition (FIG. 6 (d))) (step S402: YES), it is determined that the transmission condition is not matched, or the transmission suspension condition number. Is changed by deleting the record of the filtering rule (transmission disabled condition (FIG. 5 (a)) or transmission hold condition (FIG. 5 (b))) identified and specified from (change means) (step S403) The process proceeds to step S404.

  In step S403, the e-mail acquired in step S401 is deleted by deleting the record of the transmission hold condition (FIG. 5B) identified and specified from the transmission hold condition number of the change condition determined to match in step S402. However, the transmission suspension condition is changed so that the e-mail to be audited is not determined.

  FIG. 8 shows the filtering rule (transmission disabled condition (FIG. 8A) or transmission suspension condition (FIG. 8B)) changed in step S403.

  FIG. 8 is a diagram illustrating an example of the filtering rule (transmission disabled condition or transmission hold condition) changed in step S403.

  The transmission disabled condition (FIG. 8A) matches the condition of the record of condition 2 of the transmission disabled condition changing condition (FIG. 6A), and condition 2 of the transmission disabled condition (FIG. 5A). This is a transmission disallowing condition in which the record of is deleted.

  Further, the transmission hold condition (FIG. 8B) matches the condition of the record of the condition 8 record in the transmission hold condition change condition (FIG. 6B), and the transmission hold condition (FIG. 5B). This is a transmission suspension condition in which the record of condition 8 is deleted.

  These changed transmission disabling conditions (FIG. 8A) and transmission suspension conditions (FIG. 8B) are used in the processing in steps S404 and S409 described later. In step S402, the content of the data included in the e-mail acquired in step S401 includes the change condition shown in FIG. 6 (change condition of the transmission disabled condition (FIG. 6C)), change condition of the transmission suspension condition (FIG. 6). 6 (d))) is determined not to match (step S402: NO), and when the process of step S404 is executed without performing the process of step S403, the transmission disabling condition (a) shown in FIG. The process of step S404 is executed using the condition (b).

  If it is determined in step S402 that the change condition for changing the filtering rule is not satisfied (step S402: NO), the process proceeds to step S404.

  In step S404, the e-mail monitoring server 101 determines whether to permit transmission of the e-mail acquired in step S401 according to a filtering rule (non-transmission condition or transmission suspension condition). It is determined whether or not to hold the electronic mail.

  FIG. 9 shows a flowchart of detailed processing in step S404.

  Next, detailed processing in step S404 will be described with reference to FIG.

  FIG. 9 is a diagram showing an example of a detailed flowchart of step S404 and step S409 described later.

  9 is executed by the CPU 201 of the email monitoring server 101.

  First, the e-mail monitoring server 101 determines that the e-mail to be processed (in step S404, the e-mail acquired in step S401 becomes the e-mail to be processed, and in step S409, the e-mail acquired in step S408 becomes the e-mail to be processed. However, it is determined whether or not the condition of the transmission disabling condition stored in the storage unit is met (step S901).

  Then, if it is determined that the currently processed email matches any of the transmission disabled conditions (step S901: YES), the email monitoring server 101 determines that the email determined to match Transmission (relay) to the destination set in the e-mail is prohibited (step S902), and a notification that the e-mail is prohibited is sent to the transmission source of the e-mail (steps S903 and S304). .

  If the electronic mail monitoring server 101 determines that the electronic mail currently being processed does not match any of the transmission disabled conditions (step S901: NO), the electronic mail monitoring server 101 proceeds to step S904.

  Next, the e-mail monitoring server 101 determines whether or not the e-mail currently being processed matches the condition of the transmission suspension condition stored in the storage unit (step S904).

  In other words, the e-mail monitoring server 101 determines whether or not the e-mail currently being processed matches the condition of the transmission suspension condition stored in the storage unit, thereby determining the e-mail currently being processed as an audit target. It is determined whether to make an e-mail (determining means).

  That is, the process of step S904 executed in the detailed process of step S404 executed after the transmission suspension condition (FIG. 8B) (audit target determination rule) is changed in step S403 was acquired in step S401. In accordance with the e-mail and the transmission suspension condition changed in step S403 (FIG. 8B) (audit object determination rule), it is determined whether the e-mail is to be audited.

If it is determined that the currently processed email matches any of the transmission suspension conditions (step S904: YES), the email monitoring server 101 suspends transmission (relay) of the email. Then, the data constituting the electronic mail is stored in the audit target mail table shown in FIG.
FIG. 7 is a diagram illustrating an example of the audit target mail table.

  The audit target mail table (FIG. 7) is composed of “ID”, “transmission source”, “destination”, “mail body”, and “attached data”, and is a data table in which data constituting the email is stored. It is.

  “ID” stores identification information (ID) for identifying and specifying an electronic mail to be held. Further, “sender” stores the email address of the sender of the suspended email. Further, the “destination” stores an e-mail address of a destination of the hold e-mail. The “mail text” stores the data of the mail text of the electronic mail to be suspended. In “attached data”, data of an attached file attached to the suspended electronic mail is stored as attached data.

In the example of FIG. 7, the e-mail address of the e-mail whose “ID” is “1” is “ogata39@example4.com”, and the e-mail address of the e-mail destination is “ogata @ example3”. .Com ", the email body of the email is" Send the details of this month's salary ... ", and the text data in the attached file attached to the email is" June salary : 290,000 yen ... ".
Returning to the description of FIG.

  If the e-mail monitoring server 101 determines that the currently processed e-mail does not meet any of the transmission hold conditions (step S904: NO), the e-mail is set as the e-mail. It is transmitted (relayed) to the destination (step S906).

  Then, when the e-mail monitoring server 101 executes the process of step S903, step S905, or step S906, the process returns.

  Returning to the description of FIG.

  Next, when the e-mail monitoring server 101 executes the process of step S404, it is determined in step S404 whether or not the e-mail acquired in step S401 has been suspended in accordance with the filtering rule (transmission hold condition). Is determined (step S405).

  If it is determined in step S405 that the transmission of the email is suspended in step S404 (step S405: YES), the email monitoring server 101 checks the audit request information including the data of the email whose transmission is suspended. Is transmitted to the administrator terminal 104-3 operated by the administrator (auditor) who audits the electronic mail (transmitting means) (step S406).

  When the administrator terminal 104-3 receives the audit request information from the e-mail monitoring server 101 (step S411), the administrator terminal 104-3 displays on the display unit of the administrator terminal 104-3 that the audit request information has been received (step S411). Step S412).

  If the e-mail monitoring server 101 determines in step S405 that transmission of e-mail is not suspended in step S404 (step S405: NO), the process proceeds to step S407.

  Next, the email monitoring server 101 determines whether or not the filtering rule has been changed by the process of step S403 (step S407).

  If it is determined in step S407 that the filtering rule has been changed in step S403 (step S407: YES), the e-mail monitoring server 101 suspends the transmission stored in the audit target mail table in FIG. In step S408, when it is determined that the filtering rule has not been changed in step S403 (step S407: NO), the process proceeds to step S1003. Transition.

  The e-mail monitoring server 101 permits the e-mail to be transmitted in accordance with the filtering rules ((a) and (b) of FIG. 8) changed in step S403 for each acquired e-mail. It is determined whether or not to defer transmission of the electronic mail and whether to transmit the electronic mail (step S409). Detailed processing in step S409 is shown in FIG.

  The description of the flowchart shown in FIG. 9 is as described above.

  Here, a specific example will be briefly described.

  First, the e-mail monitoring server 101 determines that the e-mail acquired in step S401 does not match the change condition in step S402 (NO), and that the e-mail monitoring server 101 matches the transmission hold condition shown in FIG. 5B in step S404. It is determined (step S904: YES), and the electronic mail is stored in the audit target mail table (FIG. 7). In this way, as shown in FIG. 7, the emails stored in the audit target email table (FIG. 7) as the emails to be audited have five “IDs” of “1” to “5”. .

  Next, the e-mail monitoring server 101 determines that the e-mail newly acquired in step S401 is, for example, in step S402, the “transmission hold condition number to be deleted” of the transmission hold condition change condition in FIG. If it is determined that the condition of the record “8” is met, in step S403, the record with the condition “transmission hold condition number” of the transmission hold condition (b) in FIG. change. The transmission hold condition changed in this way is shown in FIG. In step S404, whether the changed transmission hold condition is to hold or send (relay) the email according to FIG. 8B and the email data acquired in step S401. However, in step S403, the condition that the transmission of the e-mail is suspended (condition 8) is deleted, that is, the transmission deferral condition is shown in FIG. Since the hold condition is not included, it is determined in step S904 that the conditions are not met, and the electronic mail is transmitted (relayed) without being held (step S906).

  Then, after the e-mail is transmitted, the filtering rule changed in step S403 and the e-mail audited by the administrator of the administrator terminal 104-3 are stored in the audit target mail table (FIG. 7). In step S409, the transmission of the electronic mail is suspended or transmitted in accordance with the electronic mail data (the electronic mail data whose transmission is suspended in accordance with the filtering rule (transmission suspension condition) before being changed in step S403). Judge whether to relay.

  The e-mail with “3” in the audit target e-mail table of FIG. 7 is an e-mail whose transmission is suspended by the filtering rule (FIG. 5B) before the change in step S403. That is, it is an e-mail whose transmission is suspended due to the condition of the record whose “transmission suspension condition number” in the transmission suspension condition (b) of FIG. 5 is “condition 8”.

  Therefore, in step S409, it is determined that the email whose “ID” is “3” in the audit target mail table (FIG. 7) does not match the transmission suspension condition (FIG. 8B) changed in step S403 ( Step S904: NO), the electronic mail is transmitted (relayed) (Step S906). Here, as described above, in step S906, the transmitted (relayed) e-mail data is deleted from the audit target mail table of FIG.

  As described above, the processing in step S409 deletes the data of the email whose “ID” is “3” in the audit target mail table (FIG. 7), and updates the audit target mail table in FIG. It is.

  FIG. 11 is an audit target mail table in which the audit target mail table (FIG. 7) is updated by the process of step S409.

  As shown in FIG. 11, the e-mail data with “ID” “3” is deleted.

  As described above, among the emails that are suspended as audit targets according to the filtering rule (transmission hold condition) before the change, filtering is performed for emails that are not originally required to be audited when the filtering rule (transmission hold condition) is changed. When the e-ring rule (transmission hold condition) is changed, the inspector can perform audit only for the e-mail that needs to be audited so as not to be the e-mail to be audited. In addition, since an e-mail that does not need to be audited due to the change of the transmission hold condition is transmitted along with the change of the transmission hold condition, information can be efficiently transmitted.

  Next, the description returns to FIG.

  Then, the e-mail monitoring server 101 determines whether or not the process of step S409 has been executed for all the e-mails to be audited acquired in step S408 (step S410), and all the audits acquired in step S408. If it is determined that the process of step S409 has been executed for the target e-mail (step S410: YES), the process proceeds to step S1003, and all the e-mails to be audited acquired in step S408 are still present. If it is determined that the process of step S409 has not been executed (step S410: NO), the other audits that have not executed the process of step S409 among all the audit target emails acquired in step S408. Set the target e-mail as the target e-mail and proceed with the process. Back to the flop S409.

  Next, an audit process for an audit target electronic mail stored in the audit target mail table will be described with reference to FIG.

  FIG. 10 is a flowchart showing an audit process for an email to be audited.

  The processing from step S1001, step S1002, and step S1006 to step S1009 shown in FIG. 10 is executed by the CPU 201 of the administrator terminal 104-3.

  Further, the processing from step S1003 to step S1005 and from step S1010 to step S1016 shown in FIG.

  First, the administrator terminal 104-3 communicates with the email monitoring server 101 and displays an audit start screen for starting a pre-audit.

  Then, the administrator terminal 104-3 accepts an instruction for a pre-audit execution request by an operation of the administrator via the audit start screen (step S1001).

  When the administrator terminal 104-3 receives an instruction for a pre-audit execution request in step S1001, the administrator terminal 104-3 transmits a pre-audit execution request to the e-mail monitoring server 101 (step S1002).

  When the e-mail monitoring server 101 receives a pre-audit execution request from the administrator terminal 104-3 (step S1003), the e-mail to be audited by the administrator operating the administrator terminal 104-3 Is acquired from the audit target mail table (for example, FIG. 11) (step S1004) and transmitted to the administrator terminal 104-3 (transmission means) (step S1005).

  Upon receiving the audit target email data from the email monitoring server 101 (step S1006), the administrator terminal 104-3 displays an audit screen (FIG. 12) including a list of the audit target email data. (Step S1007).

  FIG. 12 is a diagram illustrating an example of an audit screen.

  On the audit screen (FIG. 12), a radio button 1201 for non-transmission for inputting an audit result (any one of transmission impossible, transmission permission, and transmission suspension) by the auditor for each email to be audited, A transmission permission radio button 1202 and a transmission suspension radio button 1203 are displayed.

  The administrator terminal 104-3 then inputs an audit result (selection of radio buttons 1201, 1202, and 1203) by the administrator via the audit screen for the audit target email displayed on the audit screen. ) Is received (step S1008).

  When the administrator presses the send button 1204, the administrator terminal 104-3 transmits the audit result information indicating the audit result received in step S1008 to the email monitoring server 101 (step S1009).

  The audit result information transmitted here corresponds to the information (ID) for identifying the e-mail, and the information indicating that the e-mail cannot be transmitted, the transmission suspension, and the transmission permission identifies the audited e-mail. This is information included for each piece of information (ID).

  Next, when receiving the audit result information from the administrator terminal 104-3 (step S1010), the e-mail monitoring server 101 determines whether the audit result indicated in the audit result information is information indicating that transmission is not possible. When it is determined (step S1011) and it is determined that the audit result indicated in the audit result information is information indicating that transmission is not possible (step S1011: YES), the audit result corresponding to the information indicating that transmission is not possible The e-mail data (record) specified by the information (ID) for identifying the e-mail included in the information is deleted from the audit target table, and transmission (relay) of the e-mail is prohibited ( Step S1015).

  Then, a notification that the transmission (relay) of the electronic mail is prohibited is sent to the transmission source of the electronic mail whose transmission (relay) is prohibited in step S1015 (step S1016).

  Next, when it is determined in step S1011 that the audit result indicated in the audit result information is not information indicating that transmission is not possible (NO), the audit result indicated in the audit result information is information indicating that transmission is suspended. It is determined whether or not there is (step S1012).

  If it is determined in step S1012 that the audit result indicated in the audit result information is information indicating transmission suspension (YES), the email monitoring server 101 performs an audit corresponding to the information indicating transmission suspension. Sending (relaying) the e-mail by keeping the data (record) of the e-mail specified by the information (ID) for identifying the e-mail included in the result information stored in the audit target table ) Is suspended (step S1013).

  If it is determined in step S1012 that the audit result indicated in the audit result information is information indicating transmission permission (NO), the email monitoring server 101 performs an audit corresponding to the information indicating transmission permission. An email specified by information (ID) for identifying an email included in the result information is transmitted (relayed) to the destination of the email, and the email data (record) is audited Delete from the target table (step S1014).

  As described above, according to the present invention, it is possible to reduce a troublesome work related to a change in setting of a rule by an administrator who manages a rule for determining whether an email is to be audited.

  Further, in the present embodiment, when it is determined that the acquired e-mail matches the stored change condition, the audit object determination rule for determining the e-mail as an audit target is set as the audit target electronic mail. Although it has been explained that a change is made so that it is not determined as an e-mail, if it is determined that the acquired e-mail matches the stored change conditions, the e-mail is determined as an e-mail to be audited. The audit target determination rule that is not performed may be changed so as to be determined as an email to be audited.

  That is, the changing means of claim 1 is configured such that when the determining means determines that the e-mail acquired by the acquiring means matches the changing condition stored in the storing means, the determining means The audit object determination rule that is not determined as an electronic mail to be audited may be changed to be determined as an electronic mail to be audited.

  The embodiment of the present invention has been described in detail above. However, the present invention can take an embodiment as a system, an apparatus, a method, a program that can be read and executed by the apparatus, a storage medium, or the like. In addition, the present invention may be applied to a system composed of a plurality of devices, or may be applied to an apparatus composed of a single device.

  Another object of the present invention is to supply a storage medium storing software program codes for realizing the functions of the above-described embodiments to a system or apparatus, and the computer (or CPU or MPU) of the system or apparatus stores the storage medium. Needless to say, this can also be achieved by reading and executing the program code stored in.

  In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the program code itself and the storage medium storing the program code constitute the present invention.

  As a storage medium for supplying the program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile card, a ROM, or the like can be used.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (basic system or operating system) running on the computer based on the instruction of the program code. Needless to say, a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Further, after the program code read from the storage medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function is determined based on the instruction of the program code. It goes without saying that the CPU or the like provided in the expansion board or function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

101 Email monitoring server 102, 112 Email server 103 LDAP server 104-1, 104-2, 114 Information processing device 104-3 Information processing device (administrator terminal)
105 Local network 120 Wide area line

An object of the present invention is to provide a mechanism for reducing a troublesome work related to a change of an audit target determination rule by an administrator who manages an audit target determination rule for determining whether an email is to be audited. It is to be.

The present invention obtains an electronic mail transmitted from the transmitting terminal, in accordance with audited decision rules for determining the pre-Symbol email and email audited, and email audited the email an information processing apparatus for determining whether a to a storage means for storing a condition at which change condition for changing the pre-Symbol audited decision rule obtaining means for obtaining an e-mail sent from the transmitting terminal , the contents of the e-mail obtained by the obtaining unit, a determination unit configured to determine satisfies the change condition stored in the storage means, in the determination unit, the contents of the acquired e-mail by said acquiring means but if it is determined that satisfies the change condition stored in the storage means, and changing means for changing the audited decision rule stored in the storage means, the And wherein the e Ru.

The present invention also provides:
Storage means for storing a change condition that is a condition for changing an audit object determination rule for determining whether an e-mail transmitted from a transmission terminal is an e-mail to be audited is transmitted from the transmission terminal. And an information processing apparatus control method for determining whether the electronic mail is to be audited according to the audit target determination rule, wherein the acquisition means of the information processing apparatus includes the transmission an acquisition step of acquiring an e-mail transmitted from the terminal, whether the determination means of the information processing apparatus, the content of the e-mail obtained by the obtaining step, satisfies the change condition stored in the storage means a determining step, changing means of the information processing apparatus, wherein in the determination step, the contents of the acquired e-mail by the obtaining step, stored in the storage means When it is determined that meet with and change condition is characterized and changing step of changing the audited decision rule stored in the storage means, that Ru comprising a.

The present invention also provides:
Storage means for storing a change condition that is a condition for changing an audit object determination rule for determining whether an e-mail transmitted from a transmission terminal is an e-mail to be audited is transmitted from the transmission terminal. It acquires that e-mail, the following audited decision rule, there read a program executable by an information processing apparatus for determining whether an electronic mail audited the electronic mail, the information processing apparatus, the transmitting terminal acquisition means for acquiring an e-mail sent from the contents of the e-mail obtained by the obtaining unit, a determination unit configured to determine satisfies the change condition stored in the storage means, in said determination means , if the contents of the e-mail obtained by the obtaining unit is determined to meet the change condition stored in the storage means, the Symbol Characterized in that to function as changing means for changing the audited decision rule stored in the unit.

ADVANTAGE OF THE INVENTION According to this invention, the complicated operation | work which concerns on the change of this audit object determination rule by the administrator who manages the audit object determination rule for determining whether an email is made into an audit object can be reduced.

Claims (5)

An information processing apparatus capable of communicating with a transmission terminal that transmits an e-mail and an administrator terminal used by an administrator who audits an e-mail transmitted from the transmission terminal,
Obtaining means for obtaining an e-mail transmitted from the sending terminal;
A storage unit for storing an audit target determination rule for determining whether the email acquired by the acquisition unit is an audit target, and a change condition that is a condition for changing the audit target determination rule;
A determination unit that determines whether the email is to be audited according to the email acquired by the acquisition unit and the audit target determination rule stored in the storage unit;
Transmitting means for transmitting the data of the email determined as the email to be audited by the determining means to be displayed on the administrator terminal;
A determination unit that determines whether the e-mail acquired by the acquisition unit matches a change condition stored in the storage unit;
When the determination unit determines that the e-mail acquired by the acquisition unit matches the change condition stored in the storage unit, the audit target determination rule stored in the storage unit is changed. Change means,
With
The determining means determines whether the e-mail is to be audited according to the e-mail acquired by the acquiring means and the audit object determination rule changed by the changing means. Information processing device.   When the determination unit determines that the e-mail acquired by the acquisition unit matches the change condition stored in the storage unit, the change unit converts the e-mail to the determination unit, The information processing apparatus according to claim 1, wherein an audit object determination rule determined as an electronic mail to be audited is changed so as not to be determined as an electronic mail to be audited. The determination means further comprises an audit target mail storage means for storing an email determined as an audit target email according to the audit target determination rule before being changed by the changing means,
The determination means determines whether the email stored in the audit target mail storage means should be an audit target email according to the audit target determination rule changed by the change means. The information processing apparatus according to 1 or 2. Whether it is possible to communicate with a sending terminal that sends an e-mail and an administrator terminal used by an administrator who audits the e-mail sent from the sending terminal, and whether the e-mail sent from the sending terminal is to be audited A method for controlling an information processing apparatus including a storage unit that stores an audit target determination rule for determining a change condition that is a condition for changing the audit target determination rule,
An acquisition step in which the acquisition unit of the information processing apparatus acquires an email transmitted from the transmission terminal;
The determination unit of the information processing apparatus determines whether the email is to be audited according to the email acquired by the acquisition step and the audit target determination rule stored in the storage unit. A decision process;
A transmission step in which the transmission means of the information processing apparatus transmits the data of the email determined as the email to be audited in the determination step to be displayed on the administrator terminal;
A determination step in which the determination unit of the information processing apparatus determines whether the e-mail acquired in the acquisition step matches a change condition stored in the storage unit;
When the determination unit of the information processing apparatus determines that the e-mail acquired in the acquisition step matches the change condition stored in the storage unit in the determination step, the change unit is stored in the storage unit. A change process to change the audit target decision rule,
With
The determining step determines whether the email is to be audited according to the email acquired by the acquiring step and the audit target determination rule changed by the changing step. Control method. Whether it is possible to communicate with a sending terminal that sends an e-mail and an administrator terminal used by an administrator who audits the e-mail sent from the sending terminal, and whether the e-mail sent from the sending terminal is to be audited A program that can be read and executed by an information processing apparatus that includes a storage unit that stores an audit target determination rule for determining the audit target determination rule and a change condition that is a condition for changing the audit target determination rule,
The information processing apparatus;
Obtaining means for obtaining an e-mail transmitted from the sending terminal;
A determination unit that determines whether the email is to be audited according to the email acquired by the acquisition unit and the audit target determination rule stored in the storage unit;
Transmitting means for transmitting the data of the email determined as the email to be audited by the determining means to be displayed on the administrator terminal;
A determination unit that determines whether the e-mail acquired by the acquisition unit matches a change condition stored in the storage unit;
When the determination unit determines that the e-mail acquired by the acquisition unit matches the change condition stored in the storage unit, the audit target determination rule stored in the storage unit is changed. Function as a means of change,
The determining means functions to determine whether the e-mail is to be audited in accordance with the e-mail acquired by the acquiring means and the audit target determination rule changed by the changing means. A program characterized by

Images