Hi everybody,
I'm still new to IntelMQ.
Could anyone tell me what to do about the following error (highlighted) in the Malware-Domain-List-Parser:
Failed to parse line. Traceback (most recent call last): File "/usr/local/lib/python3.7/dist-packages/intelmq/lib/bot.py", line 978, in process events = list(filter(bool, value)) File "/usr/local/lib/python3.7/dist-packages/intelmq/bots/parsers/malwaredomainlist/parser.py", line 21, in parse_line event.add("time.source", row[0].replace('_', ' ') + " UTC") File "/usr/local/lib/python3.7/dist-packages/intelmq/lib/message.py", line 249, in add raise exceptions.InvalidValue(key, old_value) intelmq.lib.exceptions.InvalidValue: invalid value ' UTC'
Bedste hilsner/regards
Henrik Jensen
TeleDCIS
Tlf: +45 35 88 82 84
Mobil: +45 93 51 00 03
Mail: hj@teledcis.dkmailto:hj@teledcis.dk
www.teledcis.dk
Dear Henrik,
On 2/18/21 8:45 AM, Henrik Jensen - TeleDCIS wrote:
Could anyone tell me what to do about the following error (highlighted) in the Malware-Domain-List-Parser:
Failed to parse line. Traceback (most recent call last): File "/usr/local/lib/python3.7/dist-packages/intelmq/lib/bot.py", line 978, in process events = list(filter(bool, value)) File "/usr/local/lib/python3.7/dist-packages/intelmq/bots/parsers/malwaredomainlist/parser.py", line 21, in parse_line event.add("time.source", row[0].replace('_', ' ') + " UTC") File "/usr/local/lib/python3.7/dist-packages/intelmq/lib/message.py", line 249, in add raise exceptions.InvalidValue(key, old_value) *intelmq.lib.exceptions.InvalidValue: invalid value ' UTC'*
It looks like there have been breaking changes at the malware domain list feed. The URL http://www.malwaredomainlist.com/updatescsv.php returns an empty text, therefore parsing fails.
The website doesn't show any current information. Maybe the feed has been discontinued?
best regards Sebastian
Dear all,
On 2/18/21 9:32 AM, Sebastian Wagner wrote:
** It looks like there have been breaking changes at the malware domain list feed. The URL http://www.malwaredomainlist.com/updatescsv.php returns an empty text, therefore parsing fails.
The website doesn't show any current information. Maybe the feed has been discontinued?
Does anyone know if http://www.malwaredomainlist.com/ is still active? I haven't yet discovered any discontinuation notice on the webpage and the forum. If the feed stopped, we can remove the feed and parser completely, otherwise we should fix the parser to handle that.
best regards Sebastian
It looks like there have been breaking changes at the malware domain list feed. The URL http://www.malwaredomainlist.com/updatescsv.php returns an empty text, therefore parsing fails.
The website doesn't show any current information. Maybe the feed has been discontinued?
Does anyone know if http://www.malwaredomainlist.com/ is still active? I haven't yet discovered any discontinuation notice on the webpage and the forum. If the feed stopped, we can remove the feed and parser completely, otherwise we should fix the parser to handle that
I don't know precisely when it might have stopped working, but we noticed no new data arriving in late 2019 and the Wayback Machine suggests it stopped updating well before that.
Chris
Dear Chris,
On 3/1/21 6:33 AM, Chris Horsley wrote:
It looks like there have been breaking changes at the malware domain list feed. The URL http://www.malwaredomainlist.com/updatescsv.php returns an empty text, therefore parsing fails.
The website doesn't show any current information. Maybe the feed has been discontinued?
Does anyone know if http://www.malwaredomainlist.com/ is still active? I haven't yet discovered any discontinuation notice on the webpage and the forum. If the feed stopped, we can remove the feed and parser completely, otherwise we should fix the parser to handle that
I don't know precisely when it might have stopped working, but we noticed no new data arriving in late 2019 and the Wayback Machine suggests it stopped updating well before that.
Thank you for the detailed information.
We can then safely remove the parser and update the (feed) documentation accordingly.
kind regards Sebastian
Hi Henrik,
Am Donnerstag, 18. Februar 2021, 08:45:56 CET schrieb Henrik Jensen - TeleDCIS:
"/usr/local/lib/python3.7/dist-packages/intelmq/bots/parsers/malwaredomainl ist/parser.py", line 21, in parse_line event.add("time.source", row[0].replace('_', ' ') + " UTC") File "/usr/local/lib/python3.7/dist-packages/intelmq/lib/message.py", line 249, in add raise exceptions.InvalidValue(key, old_value) intelmq.lib.exceptions.InvalidValue: invalid value ' UTC'
from seeing the exception I guess that the file you are parsing is missing something where the parser expects a time value. (Others probably can help you better, if you state the version of Intelmq used, the setup of the parser and the beginning of the file you are trying to parse.)
Maybe this guess already helps you! :) Regards, Bernhard
