FortiMail v7.4.1 does not scan URLs
Hi all,
Lately some emails containing URLs seem to skip the URL filter and rewrite that is configured.
Nothing concerning the URLs shows up in the logs, so it seems that they just go undetected.
Yet, they hit exactly the same policies as emails that are getting processed.
I suspect it might have something to do with "Content-Transfer-Encoding: quoted-printable" that is used in at least two of the cases I've been able to track down.
Has anybody seen this behaviour? Is this expected?
We are running FortiMail v7.4.1 on a VM. Not sure if the behaviour was the same in older versions.
Many thanks,
Imre
Have you configured antispam settings for URL check?
    config antispam settings
        set url-checking {aggressive | strict}
    end
Follow this link for more info:
Configuring the FortiGuard URL filter | FortiMail 7.4.1 | Fortinet Document Library
Regards,
No, this option is not configured. I see that it defaults to "strict" mode, so that's what we are using.
And that definitely works for most of the emails containing similar URLs.
I checked one of the sample emails, and the URLs are written as absolute links.
However, due to the quoted-printable encoding, the HTML turns out a little different:
<a href=3D"https://example.com"></a>
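When checking by hand which URLs a quoted-printable HTML part carries, decode the part before extracting links; the raw source shows `href=3D"` and can split a URL across a soft line break. The following is an added example, not part of the thread and not FortiMail code: the sample message is constructed, and the function names are hypothetical.

```python
import re
from email import message_from_bytes, policy

# Constructed sample (not from the thread): one HTML part sent as
# quoted-printable. "=3D" is an encoded "=", and a line ending in "=" is a
# soft line break, which here splits the second URL across two lines.
RAW_MESSAGE = (
    b"From: sender@example.com\r\n"
    b"To: rcpt@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b'<a href=3D"https://example.com">one</a>\r\n'
    b'<a href=3D"https://example.com/a/long/path?id=\r\n'
    b'=3D42">two</a>\r\n'
)

# Deliberately simple pattern for double-quoted absolute links.
HREF_RE = re.compile(r'href\s*=\s*"(https?://[^"]+)"', re.IGNORECASE)


def href_urls(html):
    """Return the absolute http(s) URLs found in href attributes."""
    return HREF_RE.findall(html)


def compare_wire_and_decoded(raw_message):
    """For each text/html part, list href URLs before and after decoding."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        wire = part.get_payload(decode=False)  # body as transmitted
        decoded = part.get_content()           # transfer encoding + charset undone
        results.append({
            "cte": str(part.get("Content-Transfer-Encoding", "7bit")).lower(),
            "wire_urls": href_urls(wire),
            "decoded_urls": href_urls(decoded),
        })
    return results


if __name__ == "__main__":
    for row in compare_wire_and_decoded(RAW_MESSAGE):
        print(row)
```

The URLs in `decoded_urls` are the ones to look up when comparing against filter categories or logs.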
So, it seems that I've been a bit confused by the FortiGuard categories changing between the email passing through the unit and me manually checking.
Additionally, not all categories are currently enabled for URL rewrite. So, we'll have to revisit that as well.
And the URLs are only logged when either the filter or the URL redirect triggers on them, not all URLs as I mistakenly expected.
