10-01-2021 05:34 AM
Hello all!!!!!
I have a very specific but critical use case for scanning URLs within emails and then taking action on them if they contain a certain string.
I need the detection of the URL contents to work even if it's in a hyperlink and preferably if it's within an attachment too.
I can see incoming content filters for message body contains text. Does anybody know if this will detect URLs in the message body and especially if they're hyperlinked?
Can test this myself next week but it anybody knows I'd be grateful for the answer ahead of then!
All the best
10-08-2021 02:43 AM
Hello
add a dictionary with suitable REGEX strings like
http:\/\/.*\.example\.com\/
https:\/\/.*\.exampe\.com\/
add a filter
if (dictionary-match("URL-Dictionary", 1)) { quarantine("URL-Quarantine"); log-entry("Matched Content: $MatchedContent"); }
Grz
S.
10-08-2021 03:20 AM
Hi Steflstefan.
Thank you for your reply.
So I have been testing this and this approach will work but only if the URL exists in the body as text. It doesn't seem to work if there are button links or hyperlinks in the email.
I think this is a limitation of the appliance. We know it can read URLs embedded in email because it looks up their reputations but we don't have any options for scanning them for specific strings which is a shame.
All the best
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: