On Wed, 2015-09-02 at 14:12 +0200, Axb wrote:
> afaik, there is no code freely available to [recode the Malware
> Patrol rules], on server or client side.
>
...the translation is easy to do with a simple awk script. Something
like this:
#!/bin/bash
awk '
/body/ { url = substr($3,2);
gsub(/\\/,"",url);
n=length(url);
url=substr(url,1,n-2);
}
/score/ { if ($3 < 3.5) {code=1} else {code=2};
printf("%s IN A 127.0.0.%s\n",url,code);
}
' <$1
There may be a more elegant way of doing it, but this works and, like
all awk scripts, runs fast.
Martin
