Malware commonly enters an enterprise via a number of vectors. One such vector is email and another is the internet (sometimes referred to as the “web”). Malware analysis on email can be accomplished by pausing an email delivery system and performing the analysis while the email delivery system is paused. Signature, heuristic, hash, and/or behavioral analysis can be performed on the email (and any attachments to the email) to determine if the email includes malware. If malware is discovered in email, the email delivery system can quarantine the email (e.g., refuse delivery of the email). Internet users generally will not tolerate a system that pauses (for an appreciable amount of time) before permitting access to web content. Thus, pausing the internet access like pausing the email access in an email delivery system can irritate a user base and is generally considered an unviable solution.
One current solution to detecting malware in internet access includes comparing a Universal Resource Locator (URL) to a list of known bad URLs. If the URL is on the list, then access to the URL is blocked. If the URL is not on the list, the access is permitted. Such a system requires proactive management of the list of known bad URLs and updating the list to include newly discovered bad URLs and removing once bad URLs that become good.