Hi, Apparently the cudasvc.com URLs are a function of Barracuda for their customers, replacing dangerous public URLs in messages with private links to barracuda-hosted warnings or screening pages, to prevent customers from receiving and following original potentially malicious URLs.
Microsoft has a simlar service: safelinks.protection.outlook.com It seems to me there are all sorts of negative consequences to altering message content in this way, however that's poor excuse for adding such URLs to a publically distributed virus filter rule. Mark On Tue, Aug 28, 2018 at 07:45:09AM +0200, lukn wrote: > Hi > > cudasvc was recently listed on Spamhaus' DBL. Looks like Barracuda has > some kind of issues with their service. > The other question is, why do people use such link cloakers? > > > On 27.08.2018 22:44, Mark G Thomas wrote: > > Hi, > > > > But, there are more. This is nuts. > > > > # sigtool --find-sigs MBL_13112740 | sigtool --decode-sigs > > VIRUS NAME: MBL_13112740 > > DECODED SIGNATURE: > > https://linkprotect.cudasvc.com/url > > > > Mark > > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -- Mark G. Thomas (m...@misty.com), KC3DRE _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml