Messaging Gateway

  • 1.  SMG Integration with Symantec CAS

    Posted Jun 23, 2020 01:35 PM
    Hi. We have Symantec Messaging Gateway (SMG) integrated with Symantec CAS, which is also doing on-box sandboxing. The integration is working fine, and CAS is analyzing the email attachments which SMG sends to it as part of this integration. However, if there are any URLs in the body of an email which is sent to CAS by SMG, then those URLs in the email body are not being analyzed or scanned by SMG.

    We would like to know if this is expected behavior and working as designed, that CASMA will not scan or analyze any URLs in the body of an email which is sent to it by SMG.

    ------------------------------
    Symantec Enthusiast
    ------------------------------


  • 2.  RE: SMG Integration with Symantec CAS

    Broadcom Employee
    Posted Jun 23, 2020 07:24 PM
    Is your question if CAS will do link following and report a malicious URL?

    The documentation states the following for SMG - CAS integration:

    Threat defense scans the HTML body of a message and the message attachments. If an attachment is a plain text file, an XML file, or an empty file, the threat defense scan ignores the file. The text body of a message is also ignored. If an attachment is an email message, threat defense scans the attached message in the same way that it scans any other message.

    ------------------------------
    Strategic Support Engineer
    Broadcom
    ------------------------------



  • 3.  RE: SMG Integration with Symantec CAS

    Posted Jun 24, 2020 12:49 PM
    Yes Steven, that's correct. Would CAS scan the URL, which is simple or pointing to an object, that is in the body of the email?

    ------------------------------
    Symantec Enthusiast
    ------------------------------



  • 4.  RE: SMG Integration with Symantec CAS

    Broadcom Employee
    Posted Jun 24, 2020 05:00 PM
    As far as I am aware, the CAS server does not have the ability to do link following. You could inquire with that support team to verify if this is a feature of the CAS server.

    ------------------------------
    Strategic Support Engineer
    Broadcom
    ------------------------------



  • 5.  RE: SMG Integration with Symantec CAS
    Best Answer

    Broadcom Employee
    Posted Jun 24, 2020 05:16 PM
    CAS does not do link following. In order to sandbox links, this would require an Email Threat Isolation server. For more details, start with the SMG data sheet here: https://docs.broadcom.com/doc/messaging-gateway-atp-data-protection-en

    ------------------------------
    Kris Gainsforth
    Solutions Engineer
    Broadcom
    ------------------------------
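
The scan scope quoted in reply 2 and the answer in reply 5, applied to a constructed message as an added example (not Broadcom's code and not part of any post): it walks a MIME tree, labels each part according to the quoted passage, and collects the body URLs that, per the thread, CAS will not follow. Mapping "plain text file" and "XML file" to declared MIME types is an assumption, as are the names `scan_coverage`, `unfollowed_urls` and `build_sample`.

```python
import re
from email.message import EmailMessage
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IGNORED_ATTACHMENT_TYPES = {"text/plain", "text/xml", "application/xml"}  # assumed mapping

def scan_coverage(part, depth=0, rows=None):
    """Return (depth, content_type, verdict, body_urls) for each part of a message."""
    rows = [] if rows is None else rows
    ctype = part.get_content_type()
    if part.is_multipart() and ctype != "message/rfc822":
        for sub in part.get_payload():            # container: descend, same message
            scan_coverage(sub, depth, rows)
    elif part.is_multipart():                     # attached e-mail: treated like any message
        rows.append((depth, ctype, "scanned as a message", []))
        scan_coverage(part.get_payload()[0], depth + 1, rows)
    elif part.get_content_disposition() == "attachment" or part.get_filename():
        data = part.get_payload(decode=True) or b""
        if not data:
            verdict = "ignored: empty file"
        elif ctype in IGNORED_ATTACHMENT_TYPES:
            verdict = "ignored: plain text or XML file"
        else:
            verdict = "scanned: attachment"
        rows.append((depth, ctype, verdict, []))
    elif ctype in ("text/html", "text/plain"):
        verdict = "scanned: HTML body" if ctype == "text/html" else "ignored: text body"
        rows.append((depth, ctype, verdict, URL_RE.findall(part.get_content())))
    else:
        rows.append((depth, ctype, "not covered by the quoted passage", []))
    return rows

def unfollowed_urls(rows):
    """Body URLs; per the thread, CAS follows none of them, whatever the part's verdict."""
    return sorted({url for _, _, _, urls in rows for url in urls})

def build_sample():
    """Constructed message: text + HTML body, three attachments, one an e-mail."""
    inner = EmailMessage()
    inner.set_content('<a href="http://example.test/inner">link</a>', subtype="html")
    msg = EmailMessage()
    msg.set_content("See http://example.test/a for details.")
    msg.add_alternative('<a href="http://example.test/a">details</a>', subtype="html")
    msg.add_attachment("constructed notes", filename="notes.txt")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="doc.pdf")
    msg.add_attachment(inner)
    return msg

if __name__ == "__main__":
    print(*scan_coverage(build_sample()), sep="\n")
```

Messages for which `unfollowed_urls` returns anything are the ones whose links need a separate control, such as the Email Threat Isolation server named in the best answer.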