Open jarelllama opened 3 months ago
Great to see!! Mind if I link to your repo in the README as well?
Thanks for the positive response! Go ahead.
Also, I might as well explain some of the changes:
```bash
# Ignore rules with specific payload keywords. See here:
# https://docs.suricata.io/en/suricata-6.0.0/rules/payload-keywords.html
# Note 'endswith' is accepted as those rules tend to be wildcard matches of root domains.
# Ignore IP addresses
# Remove leading periods ('endswith' rules)
# Convert to lower case
# Remove whitelisted domains
mawk '!/^#/ && /dns[\.|_]query/ && !/content:!/ && !/startswith/ &&
!/offset/ && !/distance/ && !/within/ && !/pcre/'
...
```
I had to rewrite your script from scratch in Bash; I hope you don't mind that. I've kept most of your README intact. Please do have a look and let me know your thoughts!
Hi, I appreciate the creation and idea of this blocklist. I was one of the first few people to recommend this list to Hagezi. I have forked this blocklist and am maintaining it with my own code to implement the ABP syntax to make use of wildcard matching in Pi-hole and AdGuard. I also automatically remove dead domains and redundant rules.
I initially just wanted to include the emerging-phishing rules in Jarelllama's Scam Blocklist but figured I might as well maintain the malware rules too.
The fork can be found here: https://github.com/jarelllama/emerging-threats-pihole
I have kept the original licenses in the repo and blocklist. If you dislike/disagree with any part of the fork, please do let me know.
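The filtering steps listed alongside the mawk filter earlier in this thread, worked end to end as an added example (not code from the fork or the original repo). The sample rules are constructed, the function names `sample_rules` and `extract_domains` are hypothetical, plain `awk` stands in for mawk, and exact-match whitelisting from a file is an assumption.

```shell
#!/bin/sh
# Constructed sample rules (not real Emerging Threats signatures).
sample_rules() {
cat <<'EOF'
# alert dns any any -> any any (msg:"disabled"; dns.query; content:"commented.example"; sid:1;)
alert dns $HOME_NET any -> any any (msg:"exact"; dns.query; content:"Bad.Example.COM"; nocase; sid:2;)
alert dns $HOME_NET any -> any any (msg:"suffix"; dns.query; content:".evil.example"; endswith; sid:3;)
alert dns $HOME_NET any -> any any (msg:"legacy"; dns_query; content:"old.example.net"; sid:4;)
alert dns $HOME_NET any -> any any (msg:"prefix"; dns.query; content:"dga-"; startswith; sid:5;)
alert dns $HOME_NET any -> any any (msg:"negated"; dns.query; content:!"ok.example"; sid:6;)
alert dns $HOME_NET any -> any any (msg:"regex"; dns.query; content:"x.example"; pcre:"/^[a-z]{8}/"; sid:7;)
alert dns $HOME_NET any -> any any (msg:"ip"; dns.query; content:"192.0.2.10"; sid:8;)
alert dns $HOME_NET any -> any any (msg:"allowed"; dns.query; content:"cdn.example.org"; sid:9;)
alert http $HOME_NET any -> any any (msg:"not dns"; http.host; content:"web.example"; sid:10;)
EOF
}

# Read Suricata rules on stdin, print one blockable domain per line.
# $1 (optional): whitelist file, one domain per line (assumed exact match).
extract_domains() {
    whitelist=${1:-/dev/null}
    awk '
        # Same keyword filter as in the thread: keep enabled DNS query rules,
        # drop negated, prefix, positional and regex matches.
        !/^#/ && /dns[._]query/ && !/content:!/ && !/startswith/ &&
        !/offset/ && !/distance/ && !/within/ && !/pcre/ {
            # First content:"..." that follows the dns.query keyword
            rest = substr($0, match($0, /dns[._]query/))
            if (!match(rest, /content:"[^"]+"/)) next
            d = substr(rest, RSTART + 9, RLENGTH - 10)
            # Ignore IP addresses
            if (d ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Remove the leading period left by endswith rules
            sub(/^\./, "", d)
            # Convert to lower case
            print tolower(d)
        }' |
    grep -vxFf "$whitelist" |   # remove whitelisted domains
    sort -u
}

# Stand-alone run without a whitelist
sample_rules | extract_domains
```
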