This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
amith_rao
Contributor
‎2019-04-05 09:02 AM

Remove Hyperlink from the Body of the mail

Hi,

 

As we know that one of the Threat Extraction features offer removal of Hyperlink from the attachment of the mail. Similarly is it possible to remove the hyperlink from the body of the mail.

 

If threat Extraction cannot do this can any other blade offer this feature? 

 

 

0 Kudos
3 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2019-04-06 08:42 AM

Start here:

ATRG: Mail Transfer Agent (MTA)

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
amith_rao
Contributor
‎2019-04-06 12:09 PM
In response to HeikoAnkenbrand

Hi Heiko

The ATRG helps us understand how MTA works and the blades which can leverage this feature.

Supported blades for MTA feature are as follows: Threat Emulation, Threat Extraction, Anti-virus(R80.10 and above) Anti-Spam & E-mail Security.

But again my requirement is to scrap all the hyperlinks from the body of the Mail irrespective of whether the hyperlinks are genuine or not.

I am pretty much sure that the Threat extraction and Threat Emulation can do this on the attachments but not on the body of the mail.

At the same time, Anti-virus and Anti-bot blades can scan the mail body and only quarantine the Hyperlink found malicious.

But is there any option to quarantine all the hyperlink from mail body whether it is genuine or not? 

 

Regards

Amith

0 Kudos
Chinmaya_Naik
Advisor
‎2019-04-07 09:08 PM
In response to amith_rao

Hi Amith,

Refer the below link for more details.

https://community.checkpoint.com/t5/SandBlast-Network/SandBlast-and-links-inside-email/td-p/15798

As I summarize base on the discussion.

In MTA, Threat Emulation work only if that URL end with any file extension, like http://abc.com/xyz.pdf also http://abc.com leads to the PDF file to download (xyz.pdf)
 
It did not scan if it's not to leads any PDF or any known extension like simple http://abc.com
 
When enabling AV in MTA then URL reputation is checked over MTA base on the risk level. So if the risk level is  80 or below 80 then that malicious URL is not blocked even that the malicious URL have severity": "Medium", "confidence": "High".
 
As on the above scenario, URL is bypass but If the customer is using Checkpoint URL Filtering then when the user is open that malicious link its BLOCK by Checkpoint URL Filtering. Because CP URL filtering is working base on severity and confidence level, not by Risk level.
 
YES we can remove the malicious link from mail body but not sure about remove the all hyperlink that may genuine or not.
 
Thank You
 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events