Yes. VMRay Email Threat Defender extracts links from both the email body and attached documents.
VMRay Email Threat Defender uses custom-built heuristics and a whitelist-based approach to determine which links and attachments should be detonated. This ensures that no inadvertent detonations (in this case, equivalent to clicks) are issued against links that would, for example, activate accounts or unsubscribe users from newsletters.
The detonation is executed at the time of delivery (i.e., right after the email reaches VMRay Email Threat Defender). Both elements mitigate the drawbacks of common time-of-click-based approaches that replace links (for example, the inability to be used on links within documents or signed emails).