Support Center > Search Results > SecureKnowledge Details
Threat Emulation emulates URLs that end with ".com", as "*.com" files
Symptoms
  • Threat Emulation blade emulates every URL that ends with ".com" that was sent in the body of an e-mail as a "*.com" file.
    (This happens when "*.com" files are allowed for emulation in SmartDashboard)

  • Debug of in.emaild.mta process (per sk109699), shows that URL is treated as a file:

    [emaild.mta ...]@GW_HostName[Date Time] ==>email_policy_te_links_parsed_event_cb : 0xNNN
    [emaild.mta ...]@GW_HostName[Date Time] email_te_should_emulate_file: file='www.example.com' returning 1 And sent for emulation as link:
    [emaild.mta ...]@GW_HostName[Date Time] email_policy_te_create_lnk_file_from_url: mime path is /opt/CPsuite-R77/fw1/tmp/email_tmp/emailtemp-XXX
    [emaild.mta ...]@GW_HostName[Date Time] email_policy_te_create_lnk_file_from_url: lnk file name is /opt/CPsuite-R77/fw1/tmp/email_tmp/emailtemp-XXX/fileZZZ.cp_lnk
    [emaild.mta ...]@GW_HostName[Date Time] email_create_lnk_file: write to file /opt/CPsuite-R77/fw1/tmp/email_tmp/emailtemp-XXX/fileZZZ.cp_lnk the string www.example.com
    [emaild.mta ...]@GW_HostName[Date Time] email_policy_te_handle_link: lnk_file_name: fileZZZ.cp_lnk

Solution
Note: To view this solution you need to Sign In .