+1.813.321.0987

NON-COMMERCIAL BLOCK LISTS

Protection Against Malware and Ransomware

Block Lists for the Security Community Since 2005

We offer non-commercial block lists in formats compatible with several of the most commonly used open source DNS, firewall, IPS/IDS and AV platforms – SpamAssassin, ClamAV, and SquidGuard, among others. These lists include verified data for active malware and ransomware.

non-commercial subscription

Configuration guides for several commonly used systems are available on our website. If you still need help, check out our tech support options. Or, better yet, write a configuration guide (that we don’t already have) and submit it to us for a FREE Basic Defense Block List subscription (valued at $40/year).
 

Participate and Protect Others

The Malware Patrol project began over a decade ago as a group sharing malicious URLs. This community, more active than ever, continues to collect, analyze, and monitor malware. We gladly provide a platform and resources to facilitate the collection and distribution of our community’s data because we believe that information sharing is one of the most effective ways to fight cyber threats.

Send your suspect emails and URLs to void@malware.com.br or set up a spam trap. All submissions are verified hourly and any new malicious URLs will be immediately added to our block lists. A single submission could help protect thousands of users — and our regular contributors are eligible for a FREE Basic Defense Block List subscription (valued at $40/year).

COMMERCIAL USER?

If you plan to use our data to protect your customers, a commercial license is required.

Block Lists Subscription Options 

Free Guard

Contains the last 7 days of malware URLs from our database, updated EVERY 72 HOURS. Available in the formats listed below. This data is for non-commercial use by any individual, group or organization.

Basic Defense

Contains the last 15 days of malware URLs from our database, updated EVERY 4 HOURS. Non-commercial use only. The subscription fees help us maintain our infrastructure. Options listed below.

Educational Organizations

Educational organizations and regular contributors qualify for free subscriptions to our Basic Defense Block Lists for the protection of their internal users and networks. Request your account here.

Block Lists FAQs

Duplicate Entries

Our lists include what we call “MBL ID”, a unique identifier that correlates to each entry in the database. This number assigned to each entry means our system is actually structured to detect, and therefore avoid, duplicates. Basically, the “MBL_ID” helps us organize and debug the large amount of data in our lists.

The most common report of duplicate entries is related to what appears to be repeated domains or partial URLs. While it may seem that these are duplicates, it is usually the case that there are multiple malware samples hosted in a website’s directory. Each instance of malware on a single domain has its own unique identifier because it represents a different URL, directory, or was detected at a different point in time, for example.

False Positives

The quality of our data is very important to us. We ask that you send reports of false positives to fp (@) malwarepatrol.net. We’ll investigate promptly, update our database (if necessary), and let you know the results.

Please read this before submitting a report:

We often receive false positive reports on domains like docs(.)google(.)com, drive(.)google(.)com, dropbox(.)com and github(.)com. Unfortunately, these sites host bad malware more frequently than ever. To further complicate things, systems like Google Docs serve files from their root directories, forcing some formats of block lists to affect (block) the entire domain.

We understand that it is not always possible to block mainstream websites. To help our customers in this situation, we modified our download script to allow for domain exclusions. These will be applied right after the lists are downloaded. The exact way to do it depends on your environment and configuration, but simple shell commands like ‘cat _filename_ | grep -v _domain_ > _new_file_name_’ can remove entries.

For help automating the removal of domains from block lists, contact our tech support via email – support (@) malwarepatrol.net – and they’ll be happy to help. Please remember to mention the block list you use and how you download it.