I’m not aware of any link / attachment scanning features. That seems deliberate; they’d have to be able to decrypt your messages and files (or at least produce a link or file hash) in order to scan them. And it seems like the team wants to make sure they don’t have the ability.