[clamav-users] Malwarepatrol false positive
Mark G Thomas
Mark at Misty.com
Wed Aug 29 17:01:15 UTC 2018
Hi,
Apparently the cudasvc.com URLs are a function of Barracuda for their
customers, replacing dangerous public URLs in messages with private
links to barracuda-hosted warnings or screening pages, to prevent
customers from receiving and following original potentially malicious URLs.
Microsoft has a simlar service: safelinks.protection.outlook.com
It seems to me there are all sorts of negative consequences to altering
message content in this way, however that's poor excuse for adding such
URLs to a publically distributed virus filter rule.
Mark
On Tue, Aug 28, 2018 at 07:45:09AM +0200, lukn wrote:
> Hi
>
> cudasvc was recently listed on Spamhaus' DBL. Looks like Barracuda has
> some kind of issues with their service.
> The other question is, why do people use such link cloakers?
>
>
> On 27.08.2018 22:44, Mark G Thomas wrote:
> > Hi,
> >
> > But, there are more. This is nuts.
> >
> > # sigtool --find-sigs MBL_13112740 | sigtool --decode-sigs
> > VIRUS NAME: MBL_13112740
> > DECODED SIGNATURE:
> > https://linkprotect.cudasvc.com/url
> >
> > Mark
> >
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
--
Mark G. Thomas (Mark at Misty.com), KC3DRE
More information about the clamav-users
mailing list