topic Many threats for DNS blocklists fresh.fmb.la and support-intelligence.net in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/many-threats-for-dns-blocklists-fresh-fmb-la-and-support/m-p/595350#M2261 <P>Two DNS blocklists used by standard SpamAssassin 4.0 have many Palo Alto threat IDs for wildfire, malware and phishing. Blocklists are not phishing sites but give back DNS values to decide if should be blocked by mailservers or not. Especially needed for evaluation of URIs in mails.</P> <P>/var/lib/spamassassin/4.000000/updates_spamassassin_org/72_active.cf:urirhssub URIBL_RHS_DOB&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dob.sibl.support-intelligence.net&nbsp; A&nbsp;&nbsp; 2</P> <P>/var/lib/spamassassin/4.000000/updates_spamassassin_org/72_active.cf:askdns&nbsp;&nbsp;&nbsp;&nbsp; __FROM_FMBLA_NEWDOM&nbsp;&nbsp;&nbsp; _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.2\.0\.2$/</P> <P>&nbsp;</P> <P>I have submitted quite a few change request for subdomains, e.g. com[.]fresh[.]fmb[.]la, org[.]dob[.]sibl[.]support-intelligence[.]net, netwrix[.]com[.]dob[.]sibl[.]support-intelligence[.]net, telekom[.]de[.]dob[.]sibl[.]support-intelligence[.]net</P> <P>but there are problably many more. Is it possible to get a recursive cleanup of the threat database?</P> Tue, 20 Aug 2024 11:08:32 GMT kivory 2024-08-20T11:08:32Z Many threats for DNS blocklists fresh.fmb.la and support-intelligence.net https://live.paloaltonetworks.com/t5/advanced-threat-prevention/many-threats-for-dns-blocklists-fresh-fmb-la-and-support/m-p/595350#M2261 <P>Two DNS blocklists used by standard SpamAssassin 4.0 have many Palo Alto threat IDs for wildfire, malware and phishing. Blocklists are not phishing sites but give back DNS values to decide if should be blocked by mailservers or not. Especially needed for evaluation of URIs in mails.</P> <P>/var/lib/spamassassin/4.000000/updates_spamassassin_org/72_active.cf:urirhssub URIBL_RHS_DOB&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dob.sibl.support-intelligence.net&nbsp; A&nbsp;&nbsp; 2</P> <P>/var/lib/spamassassin/4.000000/updates_spamassassin_org/72_active.cf:askdns&nbsp;&nbsp;&nbsp;&nbsp; __FROM_FMBLA_NEWDOM&nbsp;&nbsp;&nbsp; _AUTHORDOMAIN_.fresh.fmb.la. A /^127\.2\.0\.2$/</P> <P>&nbsp;</P> <P>I have submitted quite a few change request for subdomains, e.g. com[.]fresh[.]fmb[.]la, org[.]dob[.]sibl[.]support-intelligence[.]net, netwrix[.]com[.]dob[.]sibl[.]support-intelligence[.]net, telekom[.]de[.]dob[.]sibl[.]support-intelligence[.]net</P> <P>but there are problably many more. Is it possible to get a recursive cleanup of the threat database?</P> Tue, 20 Aug 2024 11:08:32 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/many-threats-for-dns-blocklists-fresh-fmb-la-and-support/m-p/595350#M2261 kivory 2024-08-20T11:08:32Z