IMSVA patch 3 adds an option that lets the Web Reputation Services (WRS) policy automatically extract URLs from file attachments and check the safety of each URL.
When the feature is enabled, IMSVA extracts hyperlinks from PDF, MS Word, HTML and text attachments, then analyzes them with WRS. If the URL sandbox feature is also enabled, IMSVA also submits the extracted URLs to Virtual Analyzer.
Supported file types:
File Type | File Extension |
---|---|
Word | doc, docx |
Excel | xls, xlsx |
PowerPoint | ppt, pptx |
XPS | xps |
TXT | txt |
RTF | rtf |
MIME | eml |
HTML | html, htm |
Compressed file | arj, cab, gz, 7z, bz2, rar, tar, zip, jar, ace |
To enable Attachment Phishing:
- SSH to IMSVA with root credentials, using PuTTY or another client that supports the SSH protocol.
- Connect to the database by running the following command:
/opt/trend/imss/PostgreSQL/bin/psql imss sa
- Add a hidden key in the database by running the following command:
insert into tb_global_setting (section, name, value, inifile) VALUES ('wrs', 'enable_extract_att_url', 'yes', 'imss.ini');
- Close the database connection with the command: \q
- Restart the scan service with the command: S99IMSS restart
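
The following psql session is an added example, not part of the original article or Trend Micro's own procedure. It runs the database steps so that the key is inserted only once and can be verified and rolled back. It uses only the table and column names from the insert statement above; the rollback assumes the key did not exist before this procedure.

```sql
-- Run inside the psql session opened in the earlier step.

-- 1. Check whether the hidden key is already present.
--    Zero rows means it has never been set on this appliance.
SELECT section, name, value, inifile
  FROM tb_global_setting
 WHERE section = 'wrs'
   AND name    = 'enable_extract_att_url';

-- 2. Insert the key only if it is missing, so repeating the
--    procedure does not leave duplicate rows for the same setting.
BEGIN;

INSERT INTO tb_global_setting (section, name, value, inifile)
SELECT 'wrs', 'enable_extract_att_url', 'yes', 'imss.ini'
 WHERE NOT EXISTS (
       SELECT 1
         FROM tb_global_setting
        WHERE section = 'wrs'
          AND name    = 'enable_extract_att_url'
 );

-- 3. Verify before committing: exactly one row with value 'yes'
--    is expected. If the count is not 1, type ROLLBACK instead
--    of COMMIT and investigate the existing rows.
SELECT count(*) AS rows_for_key
  FROM tb_global_setting
 WHERE section = 'wrs'
   AND name    = 'enable_extract_att_url';

COMMIT;

-- 4. Rollback (left commented out; run it only to undo the change).
--    Deleting the row returns the table to its state before the
--    procedure, assuming the key was absent beforehand.
-- DELETE FROM tb_global_setting
--  WHERE section = 'wrs'
--    AND name    = 'enable_extract_att_url';
```

After either the insert or the rollback, close the session and restart the scan service as in the last two steps above.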