Real time suspected malware list as detected by InterServer's InterShield protection system.


clamAV Signatures

Example Freshclam Config:

DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
DatabaseCustomURL http://sigs.interserver.net/shell.ldb
DatabaseCustomURL http://sigs.interserver.net/whitelist.fp

TXT format lists

The ip lists servers which have brute forced (ssh, ftp, pop, imap, passwords), spammed, or mark as malicious due to mod_security. To be listed the ip must be detected on multiple servers as malicious.

* IPs from the last 7 days: Standard
* IPs from the last 48 hours: Slim
* All ips currently flagged in the main dns block list: Full

Example Usage in /etc/csf/csf.blocklist with CSF firewall
INTERSERVER|3600|0|https://sigs.interserver.net/ip.txt
or
INTERSERVER|3600|0|https://sigs.interserver.net/ipslim.txt
List of dns based block lists available and example configs of usage

rbl.interserver.net
* main list
* 5 day listing before expire
* not overly broad on blocks ok for an exim dnslists
* tests 2.0.0.127.rbl.interserver.net

Example Usage:
header   INTERSERVER_DNSBL rbleval:check_rbl('int', 'rblspamassassin.interserver.net.')
describe INTERSERVER_DNSBL Listed in dns block list rbl.interserver.net
tflags   INTERSERVER_DNSBL net
score    INTERSERVER_DNSBL 4.0
rblspamassassin.interserver.net
* automatic addition and delisting
* more broad listing. Should be used to increase score but not completely block
* IPs added are ips of mails reported as junk, and mail to spamtraps
* tests 2.0.0.127.rblspamassassin.interserver.net

Example Usage:
header   INTERSERVER_RULE_SPAMMY_NETWORK rbleval:check_rbl('int', 'rblspamassassin.interserver.net.')
describe INTERSERVER_RULE_SPAMMY_NETWORK Listed as Spammy Network in rblspamassassin.interserver.net
tflags   INTERSERVER_RULE_SPAMMY_NETWORK net
score    INTERSERVER_RULE_SPAMMY_NETWORK 0.5
rbluri.interserver.net
* url based blocklist
* url's are listed in outgoing spam messages, or email to spam traps
* tests _DNSBL_.test.rbluri.interserver.net

Example Usage:
urirhssub INTERSERVER_RULE_URIBL_RBLINT rbluri.interserver.net. A 127.0.0.2
body INTERSERVER_RULE_URIBL_RBLINT eval:check_uridnsbl('URIBL_RBLINT')
describe INTERSERVER_RULE_URIBL_RBLINT Contains a URL listed in the uribl at sigs.interserver.net
tflags INTERSERVER_RULE_URIBL_RBLINT net
score INTERSERVER_RULE_URIBL_RBLINT 1.0
goodrbl.interserver.net
* ip based allow list
* ips are common highly reputable senders
* can be used to lower the score on spamassassin * tests 2.0.0.127.goodrbl.interserver.net
header   INTERSERVER_RULE_GOOD_NETWORK rbleval:check_rbl('int', 'goodrbl.interserver.net.')
describe INTERSERVER_RULE_GOOD_NETWORK Good or wellknown network decrease score by 2.1
tflags   INTERSERVER_RULE_GOOD_NETWORK net
score    INTERSERVER_RULE_GOOD_NETWORK -2.1


Malware Full List

Back

Copyright InterServer, Inc - john AT interserver DOT net