Skip to main content

Working with LinkScan

LinkScan is a feature that adds an additional security layer to incoming e-mails. All contained URLs are rewritten to redirect users to the LinkScan domain, where the URL is scanned and checked for threats, including deep redirect scanning and document detection.

GravityZone Security for Email implements this feature through the LinkScan action, which, when triggered, rewrites all the URLs contained in an email. To implement the feature, you need to have a Message Rule set in place that applies this action to your messages based on specific conditions.

Rewriting URLs

URLs inside emails are rewritten so that they will pass through the linkscan.io domain before taking the user to the original destination. A rewritten URL has the following format:

https://lsems.gravityzone.bitdefender.com/scan/<string>

When a user clicks a rewritten URL, the LinkScan service checks the underlying URL against multiple threat intelligence feeds:

Example 8. A clean URL with the Click to Continue operating mode enabled
150340_3.png


Example 9. A URL that has a threat with the Auto Redirect unless Threat Detected operating mode enabled
150340_4.png


Creating a LinkScan rule

To create a new LinkScan rule, follow the steps below:

  1. Go to Products > GravityZone Security for Email > Message Rules.

  2. Click the Add Rule emailsecadd.png button at the upper right side of the screen.

  3. Add a descriptive name for the rule and click the Add emailsecadd2.png button.

  4. Add a Direction condition and set it to Inbound.

  5. (optional) Add a Sender In List condition and set it to Does Not Match: All Safe Lists.

    Note

    This condition will exclude all emails received from senders included in your Safe lists from LinkScan URL rewriting and is not mandatory for the rule to function properly.

  6. Add a LinkScan action and set it to Click to Continue, Block on threat, Hide target URL with Doc Scan.

    Note

    This is the most restrictive setting. You can find more information on the other available settings here.

    76195_1.png
  7. Click the Save emailsecsave.png button.

Creating exclusions

Excluding emails

You can exclude emails from specific users by adding the user's email address to your company's Safe lists. URLs contained in emails received from this user will not be rewritten.

Excluding specific URLs

To exclude a specific URL follow the steps below:

  1. Go to Products > GravityZone Security for Email > Custom Rule Data.

  2. Click the Add New button at the upper lower side of the screen and select Rule RegEx.

  3. Give the rule a descriptive name and click Update.

  4. Add the URL you want excluded in the following format: \b(URL)\b. Add a backslash \ before each period . character and use | to separate multiple URLs.

    Example 10. Exclude google.com
    \b(google\.com)\b


    Example 11. Exclude google.com and www.yahoo.com
    \b(google\.com)\b|\b(www\.yahoo\.com)\b


  5. Click the Save button.

    150340_1.png
  6. Go to Products > GravityZone Security for Email > Message Rules.

  7. Start editing the LinkScan rule by double-clicking it.

  8. Add a Body condition, set it to Does not match and select the name of the Custom Rule Data you created.

  9. Click the Save button in the upper rights side of the screen.

    150340_2.png