Mailing List Archive

[clamav-users] Opinion?
If you didn't know, Google is now blocking any emails with a bit dot ly
links in the body.

Sadly, they don't block outbound, but 421 on inbound return emails.
I was wondering what your opinion would be to add a custom signature
blocking the links with ClamAV, as our system is set to notify the sender
right away.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

Re: [clamav-users] Opinion?
Hi there,

On Mon, 19 Jul 2021, eric-list@truenet.com wrote:

> If you didn't know, Google is now blocking any emails with a bit dot ly
> links in the body. ...

Except, as you say, those that Google sends. So I block all mail from
Google servers (and of course from Microsoft servers - but I digress).

But I don't reject it. }:-)

> I was wondering what your opinion would be to add a custom signature
> blocking the links with ClamAV, as our system is set to notify the sender
> right away.

ClamAV supports Yara rules, after a fashion. The Yara rules here block
(and my systems report, e.g. to Spamcop) all mail containing such links;
there are quite a few others which are used for much the same purposes.

IMO notifying the sender is a bad idea. The sender is probably forged,
in which case you just add to the problem by back-scattering spam; and
if the sender is _not_ forged you're telling a spammer something that
is useful to him. I don't like to give anything to spammers but pain;
I do like to TEMPFAIL all spam, so that the spam-sending services must
do a lot more work to achieve the nothing at all that they achieve.

--

73,
Ged.
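
Added example, not part of either post and not ClamAV or YARA code: a Python sketch of the policy discussed in the reply above, detecting shortener links after MIME decoding (which a plain byte match on the raw message would miss) and answering with an SMTP 4xx deferral instead of notifying the sender. The shortener list, the reply strings, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlsplit

SHORTENERS = ("bit.ly",)  # assumed list; the thread names only this one
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def shortener_hosts(raw: bytes) -> set:
    """Return shortener hostnames linked from any text part of a message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            # get_content() undoes base64/quoted-printable transfer encoding
            text = part.get_content()
        except (LookupError, UnicodeError):
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
        for url in URL_RE.findall(text):
            try:
                host = (urlsplit(url).hostname or "").lower().rstrip(".")
            except ValueError:  # malformed authority, e.g. a broken IPv6 literal
                continue
            # match on the host only, so a path containing "bit.ly" is ignored
            if any(host == s or host.endswith("." + s) for s in SHORTENERS):
                found.add(host)
    return found


def smtp_reply(raw: bytes) -> str:
    """4xx defers the message in-session; no bounce is ever generated."""
    if shortener_hosts(raw):
        return "451 4.7.1 Message deferred"  # assumed reply text
    return "250 2.0.0 OK"


def sample(body: str, cte: str) -> bytes:
    """Build a constructed test message with the given transfer encoding."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "rcpt@example.net"
    m["Subject"] = "constructed sample"
    m.set_content(body, cte=cte)
    return m.as_bytes()


ENCODED = sample("Invoice: HTTPS://BIT.LY/constructed\n", "base64")
CLEAN = sample("Docs: https://example.com/bit.ly/page\n", "7bit")
```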
