https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/49944#M13498 <P>Hi,</P><P>&nbsp;</P><P>As we know that one of the Threat Extraction features offer removal of&nbsp;Hyperlink from the attachment of the mail. Similarly is it possible to remove the hyperlink from the body of the mail.</P><P>&nbsp;</P><P>If threat Extraction cannot do this can any other blade offer this feature?&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 05 Apr 2019 16:02:26 GMT amith_rao 2019-04-05T16:02:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/49944#M13498 <P>Hi,</P><P>&nbsp;</P><P>As we know that one of the Threat Extraction features offer removal of&nbsp;Hyperlink from the attachment of the mail. Similarly is it possible to remove the hyperlink from the body of the mail.</P><P>&nbsp;</P><P>If threat Extraction cannot do this can any other blade offer this feature?&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 05 Apr 2019 16:02:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/49944#M13498 amith_rao 2019-04-05T16:02:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/49999#M13499 <P>Start here:</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk109699&amp;partition=Advanced&amp;product=Mail" target="_self"> ATRG: Mail Transfer Agent (MTA)</A></P> Sat, 06 Apr 2019 15:42:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/49999#M13499 HeikoAnkenbrand 2019-04-06T15:42:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/50015#M13500 <P>Hi&nbsp;<SPAN>Heiko</SPAN></P><P>The ATRG helps us understand how MTA works and the blades which can leverage this feature.</P><P>Supported blades for MTA feature are as follows: Threat Emulation, Threat Extraction, Anti-virus(R80.10 and above) Anti-Spam &amp; E-mail Security.</P><P>But again my requirement is to scrap all the hyperlinks from the body of the Mail irrespective of whether the hyperlinks are genuine or not.</P><P>I am pretty much sure that the Threat extraction and&nbsp;Threat Emulation can do this on the attachments but not on the body of the mail.</P><P>At the same time, Anti-virus and Anti-bot blades can scan the mail body and only quarantine the Hyperlink found malicious.</P><P>But is there any option to quarantine all the hyperlink from mail body whether it is genuine or not?&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>Amith</P> Sat, 06 Apr 2019 19:09:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/50015#M13500 amith_rao 2019-04-06T19:09:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/50083#M13501 <P>Hi Amith,</P><P>Refer the below link for more details.</P><P><A href="https://community.checkpoint.com/t5/SandBlast-Network/SandBlast-and-links-inside-email/td-p/15798" target="_blank" rel="noopener">https://community.checkpoint.com/t5/SandBlast-Network/SandBlast-and-links-inside-email/td-p/15798</A></P><P>As I summarize base on the discussion.</P><DIV>In MTA, Threat Emulation work only if that URL end with any file extension, like<SPAN>&nbsp;</SPAN><A href="http://abc.com/xyz.pdf" target="_blank" rel="noopener nofollow noopener noreferrer">http://abc.com/xyz.pdf</A><SPAN>&nbsp;</SPAN>also<SPAN>&nbsp;</SPAN><A href="http://abc.com/" target="_blank" rel="noopener nofollow noopener noreferrer">http://abc.com</A><SPAN>&nbsp;</SPAN>leads to the PDF file to download (xyz.pdf)</DIV><DIV>&nbsp;</DIV><DIV>It did not scan if it's not to leads any PDF or any known extension like simple<SPAN>&nbsp;</SPAN><A href="http://abc.com/" target="_blank" rel="noopener nofollow noopener noreferrer">http://abc.com</A></DIV><DIV>&nbsp;</DIV><DIV>When enabling AV in MTA then URL reputation is checked over MTA base on the risk level. So if the risk level is&nbsp; 80 or below 80 then that malicious URL is not blocked even that the malicious URL have severity": "Medium", "confidence": "High".</DIV><DIV>&nbsp;</DIV><DIV>As on the above scenario, URL is<SPAN>&nbsp;</SPAN>bypass<SPAN>&nbsp;</SPAN>but If the customer is using Checkpoint URL Filtering then when the user is open that malicious link its BLOCK by Checkpoint URL Filtering. Because CP URL filtering is working base on severity and confidence level, not by Risk level.</DIV><DIV>&nbsp;</DIV><DIV>YES we can remove the malicious link from mail body but not sure about remove the all hyperlink that may genuine or not.</DIV><DIV>&nbsp;</DIV><DIV>Thank You</DIV><DIV>&nbsp;</DIV><DIV><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/25509">@Chinmaya_Naik</a>&nbsp;</DIV><P>&nbsp;</P> Mon, 08 Apr 2019 16:43:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remove-Hyperlink-from-the-Body-of-the-mail/m-p/50083#M13501 Chinmaya_Naik 2019-04-08T16:43:25Z