[clamav-users] Using clamav to test for bad links in incoming emails

[G.W. Haywood]

Hi there,

On Sat, 9 Feb 2019, Gene Heskett wrote:

> Has anyone rigged clamd to check what looks like questionable links
> contained in incoming emails? It seems over the last 2 weeks my spam has
> tripled, and I suspect the real payload is in the urls in the message.

Trawl the logs to see where it comes from.  I find blocking incoming
mail by country code to be far more effective than almost anything else.
I'll hazard the guess that Asia and Eastern Europe will figure large in
the results.

> Or is this so time consuming and bandwidth wasting its not worth it?

ClamAV is pretty resource intensive, so more or less anything that
will reduce the number of calls to ClamAV processes will be well worth
doing.  Here, at the moment, clamd sees about 1.3% of attempts to send
mail to us.  That is, in February, 98.7% of incoming mail connections
were rejected before clamav-milter ever got to see any data.

-- 

73,
Ged.