fixed that for you
I think your commas in the wrong place. It should read :
"redirected to a site punting crud Avast software"
The website of Super Glue became bunged up with a malicious script earlier this week as part of a tricky problem that was only resolved on Wednesday. Prior to their removal of malicious redirection scripts, visitors to the world-famous adhesive maker's site were redirected to a site punting crud, Avast software warned. It …
Just block whatever SpamHaus blocks.
With Squid you can use "acl external" and a small helper written in Net::DNS: take the URL, split out the name or IP, look it up, look up the spamhaus entry and if it is listed make Squid return a 40x. If you run a local DNS resolver on the Squid instance (which is a good performance tuning practice anyway) the performance penalty is negligible.
This deals with 99.9% of scareware peddling sites because the "infected" web sites and "adverts" only redirect. The final delivery site is nearly always on a block of one of the major "black networks" which are all in SpamHaus. These are the ones that get filtered as a result of using this.
Biting the hand that feeds IT © 1998–2021