On 09/02/15 15:48, Martin Gregorie wrote:
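> On Wed, 2015-09-02 at 14:12 +0200, Axb wrote:
>> afaik, there is no code freely available to [recode the Malware
>> Patrol rules], on server or client side.
>
> ...the translation is easy to do with a simple awk script. Something
> like this:
>
>     #!/bin/bash
>     # Usage: pass the rules file as $1; prints one A record per rule.
>     awk '
>     # body line: field 3 is the URL regex; remember it for the score line
>     $1 == "body"  { url = substr($3,2);      # drop the leading "/"
>                     gsub(/\\/,"",url);       # remove backslash escapes
>                     n=length(url);
>                     url=substr(url,1,n-2);   # drop the last two characters
>                   }
>     # score line: field 3 is the score; below 3.5 gives .1, otherwise .2
>     $1 == "score" { if ($3 < 3.5) {code=1} else {code=2};
>                     printf("%s IN A 127.0.0.%s\n",url,code);
>                   }
>     ' <"$1"
>
> There may be a more elegant way of doing it, but this works and, like
> all awk scripts, runs fast.
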
Didn't mean "recode the MP rules".
I meant to feed a rbldnsd zone from trap traffic, for example.
Still, I'd love to hear that those rules have a ton of hits, but I'm not
holding my breath.