06-02-2023 06:29 AM
Hi,
unfortunately I couldn't find a solution to this, so hopefully you are able to help
In our ESA cluster (AsyncOS 14.2.2-004) we use dictionaries to quarantine mails e.g. by links contained in body or attachments.
The filter is a simple body-dictionary-match.
Recently we receive mails with links to bit.ly (which is not filtered), that are expanded by ESA to a URL that is in a dictionary.
Is there a way to also have these expanded URLs examined by the Content Filter?
(this is from message details, ohrmf.app.link would normally get filtered out)
Thanks in advance,
Amélie
07-02-2023 07:27 PM
URL filtering's capability to expand a shorted URL is to verify the actual's reputation or category and take actions. But it doesn't re-write the email with the expanded URL.
When a different content filter with body scanning condition looks at the email, it can only see "bit.ly" but not the expanded URL. It's behaving as expected at the moment, but I do understand your ask.
Feel free to talk to TAC and see if there are any options that can be explored here though I feel there aren't many (may be an enhancement if nothing works out)
07-02-2023 07:56 PM
07-04-2023 04:44 AM - edited 07-05-2023 05:37 AM
firstly, clear the caches on your web browser and flush the DNS cache on your computer. cached data or outdates DNS records can sometimes causes issues with urls expansions. after clearing the caches and try accessing the urls again to see if the content filter recognizes them correctly. Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide