Project

General

Profile

Feature #363

prelude-correlator: spamhaus drop plugin

Added by Anonymous over 13 years ago. Updated over 13 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Yoann VANDOORSELAERE
Target version:
0.9.0
Start date:
09/10/2009
Due date:
% Done:

0%

Resolution:

Description

this is a replica of the dshield plugin, but for the spamhaus drop list. it does require the use of some other python packages for CIDR lookup; so keep that in mind when merging (see attached patch).

double check the installation settings; this was my first attempt at that too.

0001-spamhaus-drop-list-plugin.patch View (5.29 KB) Anonymous, 09/10/2009 03:37 PM

spamhausdrop-patch.txt View - second attempt (4.57 KB) Anonymous, 09/13/2009 09:16 PM

0001-added-spamhausdrop.py-to-plugins.patch View (9.51 KB) Yoann VANDOORSELAERE, 09/14/2009 11:54 AM

Associated revisions

Revision 6ee57df6 (diff)
Added by Wes Young over 13 years ago

Initial SpamhausDrop plugin implementation (closes #363)

History

#1 Updated by Yoann VANDOORSELAERE over 13 years ago

Hi Wes, thanks for the patch!

Here is a quick review:

- The NetCIDR modules have been deprecated in favor of the more widely available netaddr module, check http://oubiwann.blogspot.com/2008/08/netaddr-python-library.html

- The __ipNormalize() function could be removed since it is now unused.

- Could you please add the Dshield plugin copyright, adding your contact to the author lists ?

This is a nice addition, thanks for the contribution!
Might you post an updated patch?

#2 Updated by Anonymous over 13 years ago

re-formulated. They don't have all the features in netaddr that NetCIDR had (at least that's what they said in the doc), but given that it's all but deprecated I just added a few lines using the new netaddr packages and tested it. Appears to work OK.

all the other stuff added as requested.

#3 Updated by Yoann VANDOORSELAERE over 13 years ago

  • File 0001-added-spamhausdrop.py-to-plugins.patch added

Thanks for the update!

Attached is a modified version of your patch, that provides compatibility with earlier netaddr module version, use IPSet() in order to match addresses, and download the initial database on source distribution generation.

Could you please let me know if this modified patch doesn't break anything on your side?
Thanks!

#5 Updated by Yoann VANDOORSELAERE over 13 years ago

  • File deleted (0001-added-spamhausdrop.py-to-plugins.patch)

#6 Updated by Anonymous over 13 years ago

Just tested it in our QA environment; looks OK to me.

#7 Updated by Yoann VANDOORSELAERE over 13 years ago

  • Project changed from PRELUDE SIEM to Prelude Correlator
  • Category deleted (generic)

#8 Updated by Yoann VANDOORSELAERE over 13 years ago

  • Status changed from New to Resolved
  • Assignee set to Yoann VANDOORSELAERE
  • Target version set to 0.9.0

Thanks! Plugin checked into the GIT repository.

Also available in: Atom PDF