Mal-dnssearch issue

Hey again all,

Got almost all the intel feeds that I'm looking to get save one...malips. From:

http://blog.bro.org/2014/01/intelligence-data-and-bro_4980.html

I'm running:

mal-dnssearch -M malips -p | mal-dns2bro -T ip -s malips > malips.intel

However the results look muffed:

head malips.intel
#fields indicator indicator_type meta.source meta.url meta.do_notice meta.if_in
100.42.5Intel::ADDR malips - F -
103.14.1Intel::ADDR malips - F -
103.19.8Intel::ADDR malips - F -

The others all look fine. Again, am I missing a flag or something? Thank you.

James

Some additional info shows that there's a carriage return after the IP...doing a :set list in vim shows:

100.42.50.110^M^IIntel::ADDR^Imalips^I-^IF^I-$

None of the other .intel files show the ^M. Thanks all.

James

Hello James,

Sorry, I've been really busy. Thanks for reporting, I'll look into it.
For any specific issue with the script you can create an issue on
GitHub and I'll take care of it :)

Did so, thanks Jon...I'll get work with this off list.

James

Oh you did, awesome. I didn't quite make it to that e-mail :)
It's fixed: https://github.com/jonschipp/mal-dnssearch/commit/2b9e5bb6797e1dcfcbf5e6f5368704d18765e2b1
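
Added example, not part of the thread or of mal-dnssearch: a pre-load check for a Bro intel file that flags the failure shown above. A carriage return before the first tab makes the terminal overwrite the row from column 8, which is why `head` shows `100.42.5Intel::ADDR`. The function names are hypothetical and the header is assumed to be tab-separated; the sample row is the one quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): sanity-check a Bro intel file before loading it.

# check_intel FILE: report rows that contain a carriage return or whose
# tab-separated column count differs from the "#fields" header.
# Returns 0 when the file is clean, 1 otherwise.
check_intel() {
    awk -F'\t' '
        /^#fields/ { want = NF - 1; next }   # "#fields" itself is the first token
        /^#/       { next }                  # other header or comment lines
        /\r/       { printf "line %d: carriage return in row\n", NR; bad = 1 }
        want && NF != want {
            printf "line %d: %d columns, header declares %d\n", NR, NF, want
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# strip_cr FILE: write FILE to stdout with every carriage return removed.
strip_cr() {
    tr -d '\r' < "$1"
}

# Constructed sample: the header and first row from the thread, CR included.
make_sample() {
    printf '#fields\tindicator\tindicator_type\tmeta.source\tmeta.url\tmeta.do_notice\tmeta.if_in\n'
    printf '100.42.50.110\r\tIntel::ADDR\tmalips\t-\tF\t-\n'
}

tmp=$(mktemp -d)
make_sample > "$tmp/malips.intel"
check_intel "$tmp/malips.intel" || echo "malips.intel needs cleaning"
strip_cr "$tmp/malips.intel" > "$tmp/malips.clean.intel"
check_intel "$tmp/malips.clean.intel" && echo "malips.clean.intel is clean"
rm -rf "$tmp"
```

The column-count check also catches rows truncated by a bad feed download, which would otherwise be loaded with missing metadata fields.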