Is your question if CAS will do link following and report a malicious URL?
The documentation states the following for SMG - CAS integration:
Threat defense scans the HTML body of a message and the message attachments. If an attachment is a plain text file, an XML file, or an empty file, the threat defense scan ignores the file. The text body of a message is also ignored. If an attachment is an email message, threat defense scans the attached message in the same way that it scans any other message.
------------------------------
Strategic Support Engineer
Broadcom
------------------------------
Original Message:
Sent: 06-23-2020 01:35 PM
From: sulman mushaq
Subject: SMG Integration with Symantec CAS
<enduser-root ng-version="8.2.14" _nghost-jjg-c0=""><enduser-esd _nghost-jjg-c6=""><enduser-frame-layout class="mat-typography" _ngcontent-jjg-c6="" _nghost-jjg-c7=""><enduser-mycases class="ng-star-inserted" _nghost-jjg-c15="">
<as-split class="as-horizontal as-transition as-init" _ngcontent-jjg-c15="" direction="horizontal" guttercolor="grey" usetransition="true" _nghost-jjg-c16=""><as-split-area class="as-split-area" _ngcontent-jjg-c15="">
<enduser-tickets-detail class="overflow-auto full-height ng-star-inserted" _ngcontent-jjg-c15="" fxflex="12 1 0" _nghost-jjg-c19=""><mat-tab-group class="tickets-tab mat-elevation-z4 full-height mat-tab-group mat-primary ng-star-inserted" mat-stretch-tabs="" _ngcontent-jjg-c19="">
<mat-tab-body class="mat-tab-body ng-tns-c34-66 mat-tab-body-active ng-star-inserted" id="mat-tab-content-2-0" role="tabpanel" aria-labelledby="mat-tab-label-2-0">
<enduser-dynamic-case-details-fields class="ng-star-inserted" _ngcontent-jjg-c19="" _nghost-jjg-c30="">
Hi. We have Symantec Messaging Gateway (SMG) integrated with Symantec CAS which is also doing on-box Sandboxing. The integration is working fine and CAS is analyzing the email attachments which SMG is sending to it as part of this integration. However if there are any URLs in the body of the email which is being sent to CAS by SMG, then those URLs in the email body are not being analyzed or scanned by SMG.
We would like to know if this is an expected behavior and it is working as designed that CASMA will not scan or analyze any URLs in the body of the email which is sent to it by SMG
</enduser-dynamic-case-details-fields>
</mat-tab-body>
</mat-tab-group></enduser-tickets-detail>
</as-split-area></as-split>
</enduser-mycases>
</enduser-frame-layout></enduser-esd></enduser-root>
------------------------------
Symantec Enthusiast
------------------------------