[edit: warning - stream of consciousness posting]
If you subscribe to the free version, you'll get access to to the block lists.
They provide preconfigured files for:
- - ClamAV
- Postfix MTA
- SpamAssassin
(there are other files for other programs, but these are the three relevant to efa)
They also provide a script (
https://www.malwarepatrol.net/MalwarePatrolDownload.sh - you may have to log in to get the script) to aid you in downloading the data. You only have to configure two things in the script before you run it.
As the free data is only updated every 2 to 3 days, don't abuse their hospitality and run it more often than that.
Having tried it, it now takes spamassassin lint from 5 seconds to over 735, so I won't be doing that check too often with the rules enabled.
---
Looking further, it appears that ClamAV used to use the Malware Patrol db. In fact, I can see in the log /var/log/clamav-unofficial-sigs.log that it tries to download a block list to: /usr/unofficial-dbs/mbl-dbs/mbl.ndb with the following content:
###################################################################
# WARNING: this block list was discontinued on Oct/07/2013
# according to our previous announcements.
# Users are advised to visit
https://www.malwarepatrol.net/
# for information on how to continue using our data feed.
###################################################################
So, I guess that ClamAV should be the way to integrate the MalwarePatrol block list.
Other info:
cron job:
/etc/cron.d/clamav-unofficial-sigs-cron
script file (
https://sourceforge.net/projects/unofficial-sigs/files/ - not updated since 2013-12-02)
/usr/local/bin/clamav-unofficial-sigs.sh
configuration file
/usr/local/etc/clamav-unofficial-sigs.conf
We should comment out lines 184-186 to avoid trying to download a list we cannot get until the "new" way of getting the data is working.
Also, we should set mbl_update_hours from 6 to 60.
---
The /usr/local/bin/clamav-unofficial-sigs.sh script will need updating to allow for the new way of downloading the MalwarePatrol block list. The relevant lines are between 1265 and 1380.