Policy Definition Document
※ Last updated: 2026-03-26
Data Type Constraints
| Type | maximum length | Allowed values | Description |
|---|---|---|---|
| integer | - | Only values defined in uiOptions can be used. | Integer value (select type) For example: 0, 1 or 0, 1, 2 |
| string | 2000 characters | Free input (semicolon separated) | String value (text type, character varying) |
Important:
- integer typeOnly the values specified in the uiOptions of each policy can be used.
- Example:
1=사용 함, 0=사용 안함→ Only 0 or 1 can be entered.- Example:
0=차단, 1=원본 반입, 2=기록 모드Only 0, 1, and 2 can be entered.- string typeYou can enter up to 2000 characters, and extensions/keywords are separated by semicolons (;).
Notes on string type:
- Case Sensitivity: Case insensitive.
- Uppercase, lowercase, and mixed case are all allowed.
- Example:
DOC;xlsx;PpTx;→ Normal operation- Duplicate values: Duplicate input allowed (e.g.: __PH_0__)
mp4;mp3;mp4;) - Saved in a duplicated state, but there is no issue with processing.- Whitespace Handling Caution: If it contains spaces, it is saved as is and does not function as intended.
- Incorrect example:
do c; xl s;→ Not recognized as an extension- Correct Example:
doc;xls;→ Enter without spaces
Policy List
| Classification | Policy Name | Policy Description | policyId | policyValue | uiOptions | uiTypeCode | uiTypeDesc | Type |
|---|---|---|---|---|---|---|---|---|
| Common | File Import Method Settings | Select the file import method as 'Decontamination Processing' / 'Original Import' / 'Record Mode'. In Record Mode, decontamination processing and results are recorded according to policy, but the import is conducted as the original file. | SD_DOC_OP_MODE | 1 | 1=Decontamination processing, 0=Original import, 2=Recording mode | 2 | select | integer |
| Setting the Decontamination Treatment Strength | Set the decontamination processing level. 'Maximum Security' identifies all risk factors and extracts only safe content, while 'Maximum Integrity' selects safe content while maintaining the original structure as much as possible. | SD_USE_FAST_SANITIZER | 1 | 1=max security, 0=max consistency | 2 | select | integer | |
| Decontamination Safety Document Handling Settings | Set the handling method for cases where there are no risk factors in Word and PowerPoint documents. Applicable targets: Only Word and PowerPoint (support scope to be gradually expanded). | SD_ORG_IMPORT_IF_NOT_SCAN_THREAT | 0 | 1=Original Import, 0=Decontamination | 2 | select | integer | |
| Setting Size Limit for Decontamination Processing | Set the maximum size of files that can be processed for decontamination. | SD_DOC_LIMIT_SIZE | 100 | - | 1 | text | string | |
| Blocking settings when the decontamination processing size exceeds | Set whether to block files that exceed the specified size limit or to import them as is. | SD_DOC_LIMIT_MODE | 1 | 1=Blocked, 0=Original Import | 2 | select | integer | |
| Block Settings for Unsupported File Extensions | Set the handling method for unsupported file extensions in the system (block / original import / log mode) | SD_NOSUP_EXT_MODE | 1 | 0=Block, 1=Import Original, 2=Record Mode | 2 | select | integer | |
| Extension Spoofing Prevention Settings | Set the handling method for files with mismatched actual format and extension (block / allow original import / log mode). | SD_EXT_MODE | 0 | 0=Block, 1=Import Original, 2=Record Mode | 2 | select | integer | |
| Password Protected Document Processing Settings | Set whether to block password-protected document files or to import them as is. | SD_ENC_DOC_MODE | 0 | 1=Blocked, 0=Original Import | 2 | select | integer | |
| Password Protected Compressed File Handling Settings | Set whether to block password-protected compressed files or import them as is | SD_ENC_ZIP_MODE | 0 | 1=Blocked, 0=Original Import | 2 | select | integer | |
| Encryption File Processing Settings | Set whether to block files encrypted with DRM or to import them as is. | SD_ENCRYPTED_MODE | 0 | 1=Blocked, 0=Original Import | 2 | select | integer | |
| Format Identification Unrecognized File Processing Settings | Set whether to block files that cannot be analyzed due to file corruption or unknown encryption, or to import them as they are. | SD_UNREADABLE_MODE | 0 | 1=Blocked, 0=Original Import | 2 | select | integer | |
| File Extension Unspecified Block Settings | Set whether to block files without extensions or to import them as is. | SD_EXCEPT_NO_EXT | On | Off=Blocked, On=Original Import | 2 | select | integer | |
| Setting File Path Length Exceed Block 여부 | Set whether to block or import as is when the file path length exceeds the system's allowed range. | SD_CDR_LIMIT_PATH_EXCEEDED | OFF | ON=Block, OFF=Import Original | 2 | select | integer | |
| Original Import Settings When Decontamination Error Occurs | Set the handling method (block / original import / log mode) when a system error occurs during the decontamination process. | SD_EXCEPTION_BYPASS | 0 | Off=Blocked, On=Original Import, Log=Record Mode | 2 | select | integer | |
| Setting Timeout Criteria | Set the decontamination operation timeout criteria in minutes | SD_TIMEOUT_MINUTES | 3 | - | 1 | text | string | |
| Original Import Settings on Timeout | Set whether to import as is or block when the decontamination processing time exceeds the set criteria. | SD_TIMEOUT_LIMIT | 1 | On=Block, Off=Import Original | 2 | select | integer | |
| exception | Harmless Extension Filter | Only the entered extensions will be subject to harmless processing. Extensions that are not entered are classified as unsupported extensions. | SD_NON_SPECIFIED_EXTENSIONS | ; | - | 1 | text | string |
| Non-decontamination Excluded Extension Filter | The entered extension will be imported in its original state without any sanitization processing. | SD_FORCE_BYPASS_EXT | ; | - | 1 | text | string | |
| Harmless Deactivation Block Extension Filter | The entered extension is blocked from being imported regardless of whether it is harmful or not. | SD_NOT_ALLOWED_EXTENSIONS | ; | - | 1 | text | string | |
| Blocked Exception Settings for Unsupported Extensions | Specify the extensions that are allowed as exceptions for importing original files among the extensions blocked by the unsupported extension blocking settings. | CQMS_NOSUP_EXCEPT_EXT | ; | - | 1 | text | string | |
| Unsupported File Binary Exception Settings | When blocking unsupported extensions, handle files that match specific binary patterns and extensions as exceptions. | SD_NOT_SUPPORT_EXT_BYPASS | ; | - | 1 | text | string | |
| Exception settings for blocking extension forgery | Specify the extensions that are allowed as exceptions for importing the original when blocking extension forgery. | SD_EXCEPT_EXT | ; | - | 1 | text | string | |
| MS Office | Object (OLE) Deletion Settings in Document | Set whether to remove OLE objects (other documents, executable files, etc.) inserted in MS Office documents. | SD_DOC_OBJ_MODE | 1 | 1=Used, 0=Not used | 2 | select | integer |
| Object retention settings to maintain within the document | Specify the object to keep as an exception when deleting an OLE object | SD_KEEP_OBJECT_LIST | Pbrush;Picture; | - | 1 | text | string | |
| Document Macro Processing Settings | Set whether to remove VBA macros in MS Office documents | CQMS_NOR_OPTION_MACRO | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| Remove DDEAUTO Setting in Document | Set whether to remove the DDE feature that allows automatic data exchange between documents | SD_DOC_DDEAUTO_BLOCK_MODE | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| Remove ActiveX Control Settings in Document | Set whether to remove ActiveX controls that enable interaction in the document | SD_EXCEL_REMOVE_SHAPE_CONTROL | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| Setting ActiveX Content to be Maintained in the Document | Specify ActiveX content to retain as an exception when removing ActiveX controls. | SD_EXCEL_KEEP_ACTIVE | PictureFrame;HostControl;RoundedRectangle;NotPrimitive;TextBox; | - | 1 | text | string | |
| Blocking settings for documents from versions prior to MS Office 97 | Set the blocking of files from MS Office versions prior to 97 that do not meet modern security standards. | SD_DOC_OLD | 0 | 0=Use, 1=Do not use | 2 | select | integer | |
| Setting to Remove OLE External Links in Document | Set whether to remove OLE external links that connect to external files or web addresses in the document. | SD_EXTERNAL_LINK_DELETE | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| Remove Hyperlink Settings in Document | Set whether to remove hyperlinks that connect to external files, web addresses, etc. within the document. | SD_LINK_SANITIZE | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| Maximum Number of Slides Processed | Set the maximum allowed number of slides in a PowerPoint file. If exceeded, handle according to the 'Handling Method When Slides Exceed' policy. | SD_SLIDES_DENY_COUNT | 120 | - | 1 | text | string | |
| Handling When Exceeding Slides | Set the handling method when the number of slides in a PowerPoint file exceeds the maximum allowed number. | SD_SLIDES_CHECK | Deny | Deny=Block, Permit=Original Import | 2 | select | integer | |
| Settings for Processing Digitally Signed PDFs | Set whether to import the PDF document with the digital signature as is or to process it for redaction. | SD_PDF_DIGITAL_SIGNATURE_BYPASS | 1 | 1=Original Import, 0=Decontamination | 2 | select | integer | |
| PDF JavaScript Removal Settings | Set whether to remove JavaScript that can trigger the execution of malicious code in PDF documents | SD_PDF_REMOVE_JAVA_SCRIPT | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| Remove PDF Action Settings | Set whether to remove Actions that trigger specific tasks in a PDF document. | SD_PDF_REMOVE_ACTIONS | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| PDF Annotation Removal Settings | Set whether to remove annotations (notes, highlights, etc.) that may contain malware or links in PDF documents. | SD_PDF_REMOVE_ANNOTATIONS | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| PDF Annotation Exception Settings | Specify the annotation types to keep as exceptions when removing PDF annotations. | SD_WHITE_LIST_ANNOTATIONS | PopupAnnotation;WidgetAnnotation;LinkAnnotation; | - | 1 | text | string | |
| Hancom Office | Setting Object Removal in Hancom Office Documents | Set whether to remove OLE objects inserted in Hancom Office documents | SD_HWP_OBJECT_DELETE | 1 | 1=Used, 0=Not used | 2 | select | integer |
| Removing Hyperlink Settings in Hancom Office Documents | Set whether to remove hyperlinks in Hancom Office documents | SD_HWP_HYPER_LINK_DELETE | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| Hancom Office Document Script Removal Settings | Set whether to remove scripts that control or automate the operation of Hancom Office documents. | SD_HWP_BINDATA_NOT_IMG_DELETE | 1 | 1=Used, 0=Not used | 2 | select | integer | |
| Hancom Office Distribution Document Blocking Settings | Set whether to block the Hancom Office file created as 'deployment document' or to import it as is. | SD_SANITIZE_HWP_RELEASE_DENY_DOC | 0 | 1=Blocked, 0=Original Import | 2 | select | integer | |
| Blocking the Creation of Non-Standard MS Office Files in Hancom Office | Set whether to block non-standard MS Office files created in Hancom Office or to import them as is. | SD_BYPASS_MSOFFICE_DOCU_FROM_HANCOM | 0 | 1=Blocked, 0=Original Import | 2 | select | integer | |
| HTML | HTML Script Removal Settings | Set whether to remove scripts that perform dynamic functions within the web page. | SD_REMOVE_SCRIPT_TAG_FROM_MAIL_CONTENTS | 0 | 1=ON, 0=OFF | 2 | select | integer |
| HTML Web Beacon Removal Settings | Set whether to remove web beacons that track user behavior on the web page | SD_REMOVE_WEB_BEACON_FROM_MAIL_CONTENTS | 1 | 1=ON, 0=OFF | 2 | select | integer | |
| Setting to Remove HTML Hyperlinks | Set whether to remove hyperlinks that connect to external files, web pages, etc. within the web page. | SD_REMOVE_LINK_FROM_MAIL_CONTENTS | 1 | 1=ON, 0=OFF | 2 | select | integer | |
| JSON | JSON Duplicate Key Blocking Setting | Set Block Option for Duplicate Keys in JSON Data | SD_JSON_BLOCK_DUPLICATE_KEYS | 1 | 1=Used, 0=Not used | 2 | select | integer |
| Setting Up Block for Specified Executable Links | Block specified executable links (e.g., javascript, powershell, etc.) in JSON data. | SD_JSON_EXEC_URL_SCHEMES_DENYLIST | javascript;data;vbscript;file;powershell;cmd;wscript;mshta; | - | 1 | text | string | |
| Blocking settings for specified built-in file formats (MIME) | Block specified embedded file types (MIME types) in JSON data | SD_JSON_EMBEDDED_MIME_DENYLIST | application/x-dosexec;application/zip; | - | 1 | text | string | |
| Blocking Configuration for Designated Risk Keys | Specified risk key in JSON data (e.g. __PH_0__)proto, blocking constructors, etc. | SD_JSON_DANGEROUS_KEYS_DENYLIST | proto;constructor;prototype;definegetter;definesetter;lookupgetter;lookupsetter; | - | 1 | text | string | |
| Setting Specified Operator Blocking | Block specified operators (e.g., $where, $eval, etc.) in JSON data | SD_JSON_NOSQL_OPERATORS_DENYLIST | $where;$function;$accumulator;$eval; | - | 1 | text | string | |
| TEXT | Regular Expression Filter Settings | Block imports if the text file (txt, log, xml, ini, csv) contains content that matches the regular expression pattern. The default is the resident registration number pattern. | SD_TEXT_REGEX_FILTER | \d{2}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])[-\s]?[1-4]\d{6}; | - | 1 | text | string |
| Text Inclusion Filter Settings | Block import if the specified keyword is included in the text file (txt, log, xml, ini, csv). Case insensitive. | SD_TEXT_KEYWORD_FILTER | ; | - | 1 | text | string | |
| compressed file | Limit on the Number of Files in a Compressed Archive | Set the upper limit on the number of files that can be included in a compressed file | SD_ARCHIVE_MAX_FILE_COUNT | 50 | - | 1 | text | string |
| Compression File Subdirectory Depth Limit | Set the maximum depth of nested compression in the compressed file | SD_ARCHIVE_MAX_NESTED_DEPTH | 3 | - | 1 | text | string | |
| Image file | Image Processing Intensity Settings | Set the processing intensity of image files. 'Maximum Security' removes even steganography, while 'Maximum Integrity' preserves the original image quality as much as possible. | SD_IMAGE_DELETE_STEGANO | 1 | 1=max security, 0=max consistency | 2 | select | integer |
| Service Linker | Move original file output on exception | If an exception occurs due to policy, move the original file to the decontamination output path without leaving it in the original folder (SD_IN). | SD_EXCEPTION_MOVE_ORIGINAL_TO_OUTPUT | 0 | 1=Used, 0=Not used | 2 | select | integer |
| Original File Encryption Settings | Set whether to perform encryption on the original file | SD_SCSL_ENCRYPT_ORIGINAL | 0 | 1=Used, 0=Not used | 2 | select | integer | |
| Decryption File Encryption Settings | Set whether to perform encryption on the sanitized completed file. | SD_SCSL_ENCRYPT_SANITIZED | 0 | 1=Used, 0=Not used | 2 | select | integer | |
| File extensions to be encrypted | Set the target extensions for service linker encryption | SD_SCSL_TARGET_EXTENSIONS | hwp;hwpx;pdf;doc;docx;rtf;ppt;pptx;pps;ppsx;xls;xlsx;xlsb;xlsm;cell;show;png;jpg;jpeg;bmp;gif;tif;tiff;txt;csv; | - | 1 | text | string | |
| Encryption Permission Category ID | Set the "Permission Category ID" to be used for service linker integration. | SD_SCSL_AUTH_CATEGORY_ID | 0000001; | - | 1 | text | string | |
| Encryption Permission Category Name | Set the permission category name to be used for service linker integration | SD_SCSL_AUTH_CATEGORY_NAME | National Security Document | - | 1 | text | string | |
| Integration System Name | Set the name of the target system (or service) when linking the service linker. | SD_SCSL_INTEGRATION_SYSTEM_NAME | one_HANA; | - | 1 | text | string |