On Fri, 19 Apr 2024 15:39:39 +0200, Adolf Belka wrote:
- ALIENVAULT has not been updated since at least Nov 2022 but probably
earlier. There is no date for the file to be downloaded but a forum user has log messages from Nov 2022 that indicate the file had not changed as therefore no download occurred.
- AT&T aquired AlienVault in August 2018. Somewhere between 2018 and
2022 the list stopped getting updated. AlienVault references on the AT&T website are now for a different product.
- Discussed in IPFire conf call of April 2024 and agreed to remove the
ALIENVAULT blocklist.
- On Apr 10th the Spamhaus eDROP list was merged with the Spamhaus DROP
list. The eDROP list is still available but is now empty. Trying to select the SPAMHAUS_EDROP list gives an error message that the blocklist was found to be empty.
- This patch removes both the ALIENVAULT and the SPAMHAUS_EDROP lists
from the ipblocklist sources file.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/ipblocklist/sources | 12 ------------ 1 file changed, 12 deletions(-)
diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources index be0cf0229..0835c0f9c 100644 --- a/config/ipblocklist/sources +++ b/config/ipblocklist/sources @@ -55,12 +55,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis 'parser' => 'ip-or-net-list', 'rate' => '12h', 'category' => 'reputation' },
'SPAMHAUS_EDROP' => { 'name' => "Spamhaus ExtendedDon't Route or Peer List",
'url' =>'https://www.spamhaus.org/drop/edrop.txt',
'info' =>'https://www.spamhaus.org/drop/',
'parser' => 'ip-or-net-list','rate' => '1h','category' => 'reputation' }, 'DSHIELD' => { 'name' => 'Dshield.org Recommended Block List', 'url' => 'https://www.dshield.org/
block.txt',
'info' => 'https://dshield.org/',@@ -106,12 +100,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis 'parser' => 'ip-or-net-list',, 'rate' => '1h', 'category' => 'application' },
'ALIENVAULT' => { 'name' => 'AlienVault IPReputation database',
'url' =>'https://reputation.alienvault.com/reputation.generic',
'info' =>'https://www.alienvault.com/resource-center/videos/what-is-ip-domain-
reputation',
'parser' => 'ip-or-net-list','rate' => '1h','category' => 'reputation' }, 'BOGON' => { 'name' => 'Bogus address list (Martian)', 'url' => 'https://www.team-cymru.org/
Services/Bogons/bogon-bn-agg.txt',
It would appear that SPAMHAUS_EDROP has been merged into SPAMHAUS_DROP list.
"; This list has been merged into https://www.spamhaus.org/drop/drop.txt ; Spamhaus EDROP List 2024/04/19 - (c) 2024 The Spamhaus Project ; https://www.spamhaus.org/drop/edrop.txt ; Last-Modified: Fri, 19 Apr 2024 13:49:21 GMT ; Expires: Sat, 20 Apr 2024 13:49:21 GMT ; EOF
I think it would be better to change the URL in the sources list from:
https://www.spamhaus.org/drop/edrop.txt
to
https://www.spamhaus.org/drop/drop.txt
Rather than just remove the list from the sources file.
Rob Brewer
'info' => 'https://www.team-cymru.com/bogon-
reference',