Hi there, On Mon, 19 Jul 2021, [email protected] wrote:
If you didn't know, Google is now blocking any emails with a bit dot ly links in the body. ...
Except, as you say, those that Google sends. So I block all mail from Google servers (and of course from Microsoft servers - but I digress). But I don't reject it. }:-)
I was wondering what your opinion would be to add a custom signature blocking the links with ClamAV, as our system is set to notify the sender right away.
ClamAV supports Yara rules, after a fashion. The Yara rules here block (and my systems report, e.g. to Spamcop) all mail containing such links, there are quite a few others which are used for much the same purposes. IMO notifying the sender is a bad idea. The sender is probably forged, in which case you just add to the problem by back-scattering spam; and if the sender is _not_ forged you're telling a spammer something that is useful to him. I don't like to give anything to spammers but pain; I do like to TEMPFAIL all spam, so that the spam-sending services must do a lot more work to achieve the nothing at all that they achieve. -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
