Working with LinkScan
LinkScan is a feature that adds an additional security layer to incoming e-mails. All contained URLs are rewritten to redirect users to the LinkScan domain, where the URL is scanned and checked for threats, including deep redirect scanning and document detection.
GravityZone Security for Email implements this feature through the LinkScan action, which, when triggered, rewrites all the URLs contained in an email. To implement the feature, you need to have a Message Rule set in place that applies this action to your messages based on specific conditions.
Rewriting URLs
URLs inside emails are rewritten so that they will pass through the linkscan.io
domain before taking the user to the original destination. A rewritten URL has the following format:
https://lsems.gravityzone.bitdefender.com/scan/<string>
When a user clicks a rewritten URL, the LinkScan service checks the underlying URL against multiple threat intelligence feeds:
Creating a LinkScan rule
To create a new LinkScan rule, follow the steps below:
Go to Products > GravityZone Security for Email > Message Rules.
Click the Add Rule button at the upper right side of the screen.
Add a descriptive name for the rule and click the Add button.
Add a Direction condition and set it to Inbound.
(optional) Add a Sender In List condition and set it to Does Not Match: All Safe Lists.
Note
This condition will exclude all emails received from senders included in your Safe lists from LinkScan URL rewriting and is not mandatory for the rule to function properly.
Add a LinkScan action and set it to Click to Continue, Block on threat, Hide target URL with Doc Scan.
Note
This is the most restrictive setting. You can find more information on the other available settings here.
Click the Save button.
Creating exclusions
You can exclude emails from specific users by adding the user's email address to your company's Safe lists. URLs contained in emails received from this user will not be rewritten.
To exclude a specific URL follow the steps below:
Go to Products > GravityZone Security for Email > Custom Rule Data.
Click the Add New button at the upper lower side of the screen and select Rule RegEx.
Give the rule a descriptive name and click Update.
Add the URL you want excluded in the following format:
\b(URL)\b
. Add a forward slash/
before each period.
character and use|
to separate multiple URLs.Example 6. Exclude google.com\b(google\.com)\b
Example 7. Exclude google.com and www.yahoo.com\b(google\.com)\b|\b(www\.yahoo\.com)\b
Click the Save button.
Go to Products > GravityZone Security for Email > Message Rules.
Start editing the LinkScan rule by double-clicking it.
Add a Body condition, set it to Does not match and select the name of the Custom Rule Data you created.
Click the Save button in the upper rights side of the screen.