Topic: Malware Patrol Lists (Read 6015 times)
rhyse (Newbie), on: May 25, 2017, 10:59:21 pm
Hi
Firstly, thanks for the project.
I am trying to use the Malware Patrol lists in the "Remote ACLs" section of the Web Proxy service; in particular I am looking at their Ransomware Block lists (would like their Malicious URL feeds at some point). The issue is I am unable to get the lists into Squid. I think it has to do with the "header" on their files. Is there a way to update the "download" script to cater for this? (I don't know where to find the script, so I may be able to tinker if I know where it is. But I am no programmer etc.)
Files look along the lines of
This one is from a squidguard formatted list
===
#
# Malware Patrol - Block List - https://www.malwarepatrol.net
#
# Please do not update this list more often then every day.
#
# Copyright (c) 2014 - Andre Correa - Malware Patrol - Malware Block List
# This information is provided as-is and under the Terms and Conditions
# available in the following address:
#
# https://www.malwarepatrol.net/terms.shtml
#
# Using this information indicates your agreement to be bound by these
# terms. If you do not accept them, please delete this file immediately.
#
# You can report false positives or broken rules/signatures to:
# fp (a t) malwarepatrol.net
#
# Cdmk5j392k2mcldleoqi44m3k1928rma
#
aakwbrbjtqja.co.uk/
aalgiftswdyhvj.net/
aanrhfftgveq.ru/
aasyjiubathqd.info/
...
...
...
yxxebtrcenbm.info/
yynleigitdls.biz/
====
This is from a SQUID formatted list
====
#
# Malware Patrol - Block List - https://www.malwarepatrol.net
# List for Squid
# Generated at: 20170525195759 UTC
#
# Please do not update this list more often than every hour.
#
# Copyright (c) 2017 - Andre Correa - Malware Patrol - Malware Block List
# This information is provided as-is and under the Terms and Conditions
# available in the following address:
#
# https://www.malwarepatrol.net/terms.shtml
#
# Using this information indicates your agreement to be bound by these
# terms. If you do not accept them, please delete this file immediately.
#
# You can report false positives or broken rules/signatures to:
# fp (a t) malwarepatrol.net
#
# Kn2su6fOsZ5fnhesG2hPPMDDDX3LYM3y
#
^http\:\/\/(.+@)?(.+.)?018fe96b-a-62cb3a1a-s-sites\.googlegroups\.com
^http\:\/\/(.+@)?(.+.)?01iki0sx\.15311223344\.com
^http\:\/\/(.+@)?(.+.)?02307\.net
...
...
^http\:\/\/(.+@)?(.+.)?zzzwcbpvsn\.centade\.com
====
I have had a look at the resultant files that get created and essentially (I don't have a copy to hand), it doesn't get past the "header"
EDIT
====
Resultant File Example Below
====
root@unfw01:/usr/local/etc/squid/acl # cat squidguard
.#
.# terms. if you do not accept them, please delete this file immediately.
.# please do not update this list more often than every hour.
.# available in the following address:
.# using this information indicates your agreement to be bound by these
.# generated at: 20170525175853 utc
.# copyright (c) 2017 - andre correa - malware patrol - malware block list
.# fp (a t) malwarepatrol.net
.# this information is provided as-is and under the terms and conditions
.# list for squidguard - urls
.# kn2su6fosz5fnhesg2hppmdddx3lym3y
root@unfw01:/usr/local/etc/squid/acl #
====
Malware Patrol provide a working example at the following location:
http://www.malware.com.br/MalwarePatrolDownload.sh
Any help/advice is appreciated
Thanks
Last Edit: May 25, 2017, 11:13:48 pm by rhyse
rhyse (Newbie), Reply #1 on: May 31, 2017, 01:00:27 am
Hi
So I have found another list (different provider) that doesn't have a "header" to the file. That seems to be working fine.
I have also found /usr/local/opnsense/scripts/proxy/fetchACLs.py - is this the correct file to be looking at?
Traditionally from bash (previous solutions) I would just do something like "sed '/^#/ d'" to filter those lines out
Any help is appreciated
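Added example (not part of the thread and not OPNsense's fetchACLs.py): a Python filter that drops comment lines the way the `sed '/^#/ d'` above does and also validates each remaining entry, so header lines cannot end up as ACL entries as in the resultant file shown in the first post. The function name, the sample input (constructed from lines quoted in the first post) and the use of Python's `re` as a stand-in for Squid's regex engine are assumptions.

```python
import re

# Hostname check: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")

# Constructed sample: header and entries in the style quoted in the first post.
SAMPLE = "\r\n".join([
    "#",
    "# Malware Patrol - Block List - https://www.malwarepatrol.net",
    "  # Please do not update this list more often than every hour.",
    "",
    "aakwbrbjtqja.co.uk/",
    "AANRHFFTGVEQ.ru/",
    "aakwbrbjtqja.co.uk/",
    r"^http\:\/\/(.+@)?(.+.)?02307\.net",
    r"^http\:\/\/(unbalanced",
])


def clean_blocklist(text):
    """Split a downloaded block list into (domains, regexes, rejected)."""
    domains, regexes, rejected = [], [], []
    seen = set()
    for raw in text.splitlines():       # splitlines() also handles CRLF
        line = raw.strip()              # tolerate indented comment lines
        if not line or line.startswith("#"):
            continue                    # header, comment or empty line
        if line.startswith("^"):
            # Regex-style entry: keep it only if it compiles. Python's re is
            # an approximation of Squid's regex engine (assumption).
            try:
                re.compile(line)
            except re.error:
                rejected.append(line)
                continue
            key, bucket = line, regexes
        else:
            # Domain-style entry "host/" or "host/path": keep the host only,
            # which blocks the whole host rather than a single URL.
            host = line.split("/", 1)[0].lower().rstrip(".")
            if not _HOSTNAME.match(host):
                rejected.append(line)
                continue
            key, bucket = host, domains
        if key not in seen:             # de-duplicate, preserving order
            seen.add(key)
            bucket.append(key)
    return domains, regexes, rejected
```

Entries that land in `rejected` are worth logging rather than silently dropping, since a sudden rise usually means the feed changed format.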
mimugmail (Hero Member), Reply #2 on: May 31, 2017, 10:08:28 am
You could also include the FireHole_Level1 list in your Firewall rules to add additional protection.
http://iplists.firehol.org/
Include like this:
https://docs.opnsense.org/manual/how-tos/edrop.html
(It also includes edrop etc.)
rhyse (Newbie), Reply #3 on: May 31, 2017, 11:31:30 pm
Hi
Thanks for the tip, have set them up. But it does pose the question of how best to use floating rules. Need to figure that one out with multiple WANs and LANs.
Thanks