From mboxrd@z Thu Jan 1 00:00:00 1970
From: Adolf Belka
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/3] sources: Removal of ALIENVAULT and SPAMHAUS_EDROP from ipblocklist sources
Date: Sat, 20 Apr 2024 12:18:10 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2810251175022603388=="

--===============2810251175022603388==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Rob,

On 20/04/2024 10:24, Rob Brewer wrote:
> On Fri, 19 Apr 2024 15:39:39 +0200, Adolf Belka wrote:
>
>> - ALIENVAULT has not been updated since at least Nov 2022 but probably earlier. There is no date for the file to be downloaded but a forum user has log messages from Nov 2022 that indicate the file had not changed and therefore no download occurred.
>> - AT&T acquired AlienVault in August 2018. Somewhere between 2018 and 2022 the list stopped getting updated. AlienVault references on the AT&T website are now for a different product.
>> - Discussed in IPFire conf call of April 2024 and agreed to remove the ALIENVAULT blocklist.
>> - On Apr 10th the Spamhaus eDROP list was merged with the Spamhaus DROP list. The eDROP list is still available but is now empty. Trying to select the SPAMHAUS_EDROP list gives an error message that the blocklist was found to be empty.
>> - This patch removes both the ALIENVAULT and the SPAMHAUS_EDROP lists from the ipblocklist sources file.
>>
>> Tested-by: Adolf Belka
>> Signed-off-by: Adolf Belka
>> --- >> config/ipblocklist/sources | 12 ------------ >> 1 file changed, 12 deletions(-) >> >> diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources >> index be0cf0229..0835c0f9c 100644 --- a/config/ipblocklist/sources +++ >> b/config/ipblocklist/sources 
@@ -55,12 +55,6 @@ our %sources =3D ( >> 'EMERGING_FWRULE' =3D> { 'name' =3D> 'Emerging Threats Blocklis >> 'parser' =3D> 'ip-or-net-list', >> 'rate' =3D> '12h', >> 'category' =3D> 'reputation' }, >> - 'SPAMHAUS_EDROP' =3D> { 'name' =3D> "Spamhaus Extended >> Don't Route or Peer List", >> - 'url' =3D> >> 'https://www.spamhaus.org/drop/edrop.txt', >> - 'info' =3D> >> 'https://www.spamhaus.org/drop/', >> - 'parser' =3D> 'ip-or-net-list', >> - 'rate' =3D> '1h', >> - 'category' =3D> 'reputation' }, >> 'DSHIELD' =3D> { 'name' =3D> 'Dshield.org >> Recommended Block List', >> 'url' =3D> >> 'https://www.dshield.org/ > block.txt', >> 'info' =3D> >> 'https://dshield.org/', 
>> @@ -106,12 +100,6 @@ our %sources =3D ( 'EMERGING_FWRULE' =3D> { 'name' >> =3D> 'Emerging Threats Blocklis >> 'parser' =3D> 'ip-or-net-list',, >> 'rate' =3D> '1h', >> 'category' =3D> 'application' }, >> - 'ALIENVAULT' =3D> { 'name' =3D> 'AlienVault IP >> Reputation database', >> - 'url' =3D> >> 'https://reputation.alienvault.com/reputation.generic', >> - 'info' =3D> >> 'https://www.alienvault.com/resource-center/videos/what-is-ip-domain- > reputation', >> - 'parser' =3D> 'ip-or-net-list', >> - 'rate' =3D> '1h', >> - 'category' =3D> 'reputation' }, >> 'BOGON' =3D> { 'name' =3D> 'Bogus address list >> (Martian)', >> 'url' =3D> >> 'https://www.team-cymru.org/ > Services/Bogons/bogon-bn-agg.txt',
>
>
> It would appear that SPAMHAUS_EDROP has been merged into SPAMHAUS_DROP list.

That is correct. That is what I put in the commit message.

Spamhaus have the following page about the change.

https://www.spamhaus.org/resource-hub/network-security/spamhaus-drop-and-edrop-to-become-a-single-list/#what-are-the-spamhaus-drop-lists

> "; This list has been merged into https://www.spamhaus.org/drop/drop.txt
> ; Spamhaus EDROP List 2024/04/19 - (c) 2024 The Spamhaus Project
> ; https://www.spamhaus.org/drop/edrop.txt
> ; Last-Modified: Fri, 19 Apr 2024 13:49:21 GMT
> ; Expires: Sat, 20 Apr 2024 13:49:21 GMT
> ; EOF
>
> I think it would be better to change the URL in the sources list from:
>
> https://www.spamhaus.org/drop/edrop.txt
>
> to
>
> https://www.spamhaus.org/drop/drop.txt
>
>
> Rather than just remove the list from the sources file.

I don't really understand your suggestion here. The EDROP list has gone. The old URL is still there but with an empty file except for the message.

The Spamhaus Drop list is now the equivalent of what used to be the Spamhaus eDrop list.
Having two entries, one called DROP and one EDROP both pointing to the same list seems pointless to me and potentially confusing for users as they might think they get something different from the two and if they select both they will get two sets of exactly the same IPs.

What I can do is to make a modification to the script I added to the update.sh file to check if SPAMHAUS_EDROP=on is set in the settings file and then add SPAMHAUS_DROP=on to the settings file if it is not set, before removing the references to SPAMHAUS_EDROP.

Regards,

Adolf.

> > Rob Brewer > > >> 'info' =3D> >> 'https://www.team-cymru.com/bogon- > reference', >

-- 
Sent from my laptop

--===============2810251175022603388==--
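
Review bot: In the first hunk (@@ -55,12 +55,6 @@), deleting the 'SPAMHAUS_EDROP' key has no matching settings migration in this patch, so a host with SPAMHAUS_EDROP=on keeps a setting that names a source which no longer exists and does not pick up the merged DROP list unless SPAMHAUS_DROP was already enabled. Suggest carrying the update.sh change discussed in this thread (add SPAMHAUS_DROP=on where SPAMHAUS_EDROP=on was set, then remove the SPAMHAUS_EDROP references) in the same series and mentioning it in the commit message.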
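
Review bot: In the second hunk (@@ -106,12 +100,6 @@), the 'ALIENVAULT' removal has a different justification (feed not updated since at least Nov 2022) from the SPAMHAUS_EDROP removal but shares one commit with it; splitting the two would let either be reverted on its own. It is also worth confirming that the update.sh step clears an existing ALIENVAULT setting in the same way it removes the SPAMHAUS_EDROP references, since nothing in this hunk handles hosts that had the list enabled.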
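
The settings migration described in the reply above, as an added shell example (not code from the IPFire patch series or its update.sh). It assumes the settings file holds one KEY=value pair per line, as in SPAMHAUS_EDROP=on; the function names and the demo input are hypothetical, and turning an existing SPAMHAUS_DROP=off into on is this example's own choice.

```shell
#!/bin/sh
# Added example, not IPFire code. Assumes a settings file with one KEY=value
# pair per line (e.g. SPAMHAUS_EDROP=on). migrate_edrop is a hypothetical name.

migrate_edrop() {
    settings="$1"
    [ -f "$settings" ] || return 1
    tmp=$(mktemp) || return 1

    if grep -q '^SPAMHAUS_EDROP=on$' "$settings"; then
        # The retired list was enabled: strip both keys, then enable DROP once.
        # This also turns an existing SPAMHAUS_DROP=off into on (example's
        # choice), because DROP now carries what EDROP used to provide.
        awk '!/^SPAMHAUS_E?DROP=/' "$settings" > "$tmp"
        echo 'SPAMHAUS_DROP=on' >> "$tmp"
    else
        # EDROP was off or absent: only remove the stale reference.
        awk '!/^SPAMHAUS_EDROP=/' "$settings" > "$tmp"
    fi

    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$settings"
    rm -f "$tmp"
}

# Constructed demo input (not a real IPFire settings file).
demo_migration() {
    demo=$(mktemp) || return 1
    printf 'DSHIELD=on\nSPAMHAUS_EDROP=on\nSPAMHAUS_DROP=off\n' > "$demo"
    migrate_edrop "$demo"
    cat "$demo"
    rm -f "$demo"
}

demo_migration
```

Running the migration a second time leaves the file unchanged, so it is safe to repeat on every update.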