24 August 2009 Changes (HHH)
----------------------------

1. Action: White list rule for MySpace
   Added:  GoodDomains[i++] = "myspacecdn.com"; // PROXY - 2009-07-27
   Reason: False positives.

2. Action: Removed install rule
   Date: 2009-07-28
   Removed: // BadURL_WordStarts[i++] = "install"; // YOUR CHOICE Malware - 2009-06-10
   Reason: WAY TOO MANY FALSE POSITIVES!

3. Action: white-list rule
   Added:  GoodDomains[i++] = "haloscan.com"; // scan - 2009-08-03
   Reason: scan - as best as I can tell they help manage your blog, make it easier to enter info, etc. Why the name haloscan is a MYSTERY! It makes it sound like a tracker (which it isn't, except in a known sort of way).

4. Action: dropped dot
   From:   GoodDomains[i++] = ".hosts-file.net";
   To:     GoodDomains[i++] = "hosts-file.net"; // 2009-08-03
   Reason: No reason to have it, and I was right next to it with haloscan.com.

5. Action: exclusion for a host with "codec" in its name
   Added:  GoodDomains[i++] = "codecguide.com"; // codec - 2009-08-12
   Reason: Has RealPlayer alternative.

6. Action: Tracker scripts & images
   Added:  BadURL_Parts[i++] = "tracker\.[(j|p)]"; // YOUR CHOICE Tracker - 2009-08-14
   From:   BadURL_Parts[i++] = "tracker\.[(j|p)]";
   To:     BadURL_Parts[i++] = "tracker\.[(g|j|p)]";
   Reason: Was in a host name where we could not RTS the host but wanted tracker gone. I have subsequently modified it to have a "g" for tracker.gif, "j" for tracker.jpg & tracker.js, and "p" for tracker.php.

7. Action: Added a ton of white-list rules for security companies
   Added:
   --------------------------------
   GoodDomains[i++] = "agnitum.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "agnitum.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "agnitum.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "agnitum.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "aladdin.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "aladdin.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "aladdin.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "aladdin.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "avast.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "avast.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = ".avg.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "avgfrance.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = ".avg.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "avgfrance.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "avira.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "avira.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "avira.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "avira.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "bitdefender.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "bitdefender.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "bitdefender.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "bitdefender.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = ".ca.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = ".ca.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "clamav.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "clamav.net"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "clamav.org"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "clamav.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "clamav.net"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "clamav.org"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "clamwin.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "clamwin.fr"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "clamwin.org"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "clamwin.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "clamwin.fr"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "clamwin.org"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "comodo.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "comodo.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "drweb-online.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "drweb.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "drweb.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "drweb-online.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "drweb.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "drweb.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "emsisoft.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "emsisoft.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "emsisoft.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "emsisoft.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "eset-nod32.fr"; // SECURITY - 2009-08-17
   GoodDomains[i++] = ".eset.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "eset-nod32.fr"; // SECURITE - 2009-08-17
   GoodDomains[i++] = ".eset.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = ".ewido.net"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = ".ewido.net"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = ".f-prot.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = ".f-prot.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = ".f-prot.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = ".f-prot.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "f-secure.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "f-secure.fr"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "f-secure.net"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "f-secure.org"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "f-secure.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "f-secure.fr"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "f-secure.net"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "f-secure.org"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "free-av.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "free-av.de"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "free-av.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "free-av.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "free-av.de"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "free-av.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "gdata.de"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "gdata.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "gdata.de"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "gdata.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "grisoft.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "grisoft.cz"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "grisoft.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "grisoft.cz"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "jetico.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "jetico.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "jotti.org"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "jotti.org"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "kaspersky-labs.org"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "kaspersky.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "kaspersky.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "kaspersky-labs.org"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "kaspersky.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "kaspersky.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "kerio.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "kerio.eu"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "kerio.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "kerio.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "kerio.eu"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "kerio.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "lavasoftusa.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "lavasoftusa.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "mcafee.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "mcafee.fr"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "mcafeesecurity.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "mcafee.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "mcafee.fr"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "mcafeesecurity.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "microsoft.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "microsoft.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "nod32.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "nod32.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "norton.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "norton.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = ".panda.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "pandaguard.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "pandasecurity.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "pandasoftware.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "pandasoftware.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = ".panda.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "pandaguard.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "pandasecurity.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "pandasoftware.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "pandasoftware.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "pc-cillin-zone.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "pc-cillin-zone.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "pctools.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "pctools.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "pestpatrol.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "pestpatrol.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "secuser.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "secuser.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "secuser.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "secuser.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "sophos.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "sophos.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "sophos.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "sophos.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "sourceforge.net"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "sourceforge.net"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "sunbelt-software.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "sunbeltsoftware.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "sunbelt-software.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "sunbeltsoftware.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "sygate.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "sygate.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "symantec.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "symantec.fr"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "symantecliveupdate.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "symantec.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "symantec.fr"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "symantecliveupdate.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "trend-micro-zone.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "trendmicro-europe.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "trendmicro.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "trendmicrozone.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "trend-micro-zone.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "trendmicro-europe.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "trendmicro.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "trendmicrozone.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "virscan.org"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "virscan.org"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "virus.org"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "virus.org"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "virustotal.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "virustotal.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "visnetic.com"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "visnetic.com"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "webroot.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "webroot.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "webroot.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "webroot.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "www3.ca.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "www3.ca.com"; // SECURITE - 2009-08-17
   NOT NEEDED - the ".ca.com" rule clears it
   --------------------------------
   GoodDomains[i++] = "zonealarm.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "zonealarm.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "zonealarm.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "zonealarm.fr"; // SECURITE - 2009-08-17
   --------------------------------
   GoodDomains[i++] = "zonelabs.com"; // SECURITY - 2009-08-17
   GoodDomains[i++] = "zonelabs.fr"; // SECURITY - 2009-08-17
   ----
   GoodDomains[i++] = "zonelabs.com"; // SECURITE - 2009-08-17
   GoodDomains[i++] = "zonelabs.fr"; // SECURITE - 2009-08-17
   --------------------------------
   Reason: They should never be blocked.

8. Action: More white list rules for security sites
   Added:
   GoodDomains[i++] = ".avp.ru"; // SECURITY - 2009-08-18
   GoodDomains[i++] = "checkpoint.com"; // SECURITY - 2009-08-18
   GoodDomains[i++] = "checkpoint.com.cn"; // SECURITY - 2009-08-18
   GoodDomains[i++] = "kaspersky.com.cn"; // SECURITY - 2009-08-18
   GoodDomains[i++] = "kaspersky.ru"; // SECURITY - 2009-08-18
   GoodDomains[i++] = "symantec.com.cn"; // SECURITY - 2009-08-18
   GoodDomains[i++] = "symantec.com.ru"; // SECURITY - 2009-08-18
   GoodDomains[i++] = "symantec.ru"; // SECURITY - 2009-08-18
   Reason: They should never be blocked.

9. Action: Added some new tracker rules
   Added:
   BadDomains[i++] = ".adisn.com"; // Tracker - 2009-08-19
   BadDomains[i++] = ".omtrdc.net"; // Tracker - 2009-08-19
   BadURL_WordStarts[i++] = "omnidiggthis"; // Tracker - 2009-08-19
   Reason:

10. Action: ruler-domains.com is using a hashing redirector?
    Added:  BadNetworks[i++] = "64.111.196.117, 255.255.255.255"; // HASH REDIR - 2009-08-21
    Reason: pornneo.com ostensibly shows up as being parked at ruler-domains.com. The IP address 213.174.138.248 belongs to AdvancedHosters, so it probably is a park, BUT WHAT ARE THEY DOING USING A HASHING REDIRECTOR AT AN IP ADDRESS NOBODY SEEMS TO OWN?

11. Action: Upgraded tacoda rule
    Date: 2009-Aug-23 18:37 UTC
    From:   BadHostParts[i++] = "tacoda"; // AdServer - 2009-04-27
    To:     BadURL_Parts[i++] = "tacoda"; // AdServer - 2009-08-24
    Reason: It showed up at a plain-jane Akamai server. If I find it again I will report it to Airelle - A PROMISE! But he has to promise to remove the host once the tacoda script at that host and other threats disappear.

12. Action: Added PERSONAL rule that may become public
    Date: 2009-Aug-23 18:43 UTC
    Added:  BadDomains[i++] = ".bidsystem.com"; // PRIVUS Tracker - 2009-08-24
    Reason: Another host in this domain (atl.my.bidsystem.com) showed up in an escapee pseudo-park domain.
    { 2010-01-23: It became public. Here is the latest in my PHTTPD logs:
      Sun Dec 20 2009 03:12:55: kc.mv.bidsystem.com/bin/findwhat.dll?clickthrough
      Feel free to disagree with me, but I WON'T remove the rule. I doubt it will lead to malware (like TinyURL, they will stop anybody that tries to abuse it), but it does track. So if you want it removed, remove it yourself. }

24 August 2009 UNresolved False Positives (HHH)
-----------------------------------------------

NONE

24 August 2009 RESOLVED False Positives (HHH)
---------------------------------------------

1. Pattern: "xxx"
   Date: Thu Jul 2 12:54:45
   Rules: BadURL_Parts[i++] = "xxx";
   Reason: www.fujitsu.com/downloads/COMP/fcpa/hdd/discontinued/mhv2xxxbh_maint-manual.pdf (you may want to drop the rule to hosts level)
   Solution: Do nothing. I had two about two days apart and since then have had nothing. Before then I had nothing. LIVE with it. If others don't like it they can drop it, but the rule has saved me more times than there have been false positives, so just document the others and live with the rules. Eventually, people have to learn that xxx has a pretty bad meaning on the Internet and should not be used.
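Most entries above are a rule plus a false-positive story, so the check worth having is a harness that runs candidate rules against known-good and known-bad URLs before they ship. The block below is an added example and not the HHH filter's own code; it assumes matching semantics the changelog only implies (GoodDomains/BadDomains match a host or any subdomain, BadURL_Parts are case-insensitive regexes over the whole URL, BadNetworks are "ip, mask" pairs against the resolved address, whitelist wins), and it uses the URLs and rules the entries themselves mention.

```javascript
// Added example, not the HHH filter's own code: a small evaluator for the
// rule arrays this changelog edits, so a new rule can be checked against
// sample URLs before it ships. Matching semantics are ASSUMED (the real
// filter may differ): Good/BadDomains match the host or any subdomain,
// BadURL_Parts are case-insensitive regexes over the whole URL, and
// BadNetworks are "ip, mask" pairs tested against the resolved address.
const GoodDomains = ["hosts-file.net", ".ca.com", "codecguide.com", "haloscan.com"];
const BadDomains = [".adisn.com", ".omtrdc.net", ".bidsystem.com"];
// Two spellings of item 6's tracker rule: the page's pattern as it reads
// once inside a JS string literal ("\." in a string is just "."), and a
// tighter one that only matches the four file names the entry lists.
const TRACKER_LOOSE = "tracker.[(g|j|p)]";
const TRACKER_TIGHT = "tracker\\.(gif|jpg|js|php)";
const BadURL_Parts = [TRACKER_TIGHT, "xxx"];
const BadNetworks = ["64.111.196.117, 255.255.255.255"];

function domainMatches(host, rule) {
  const d = rule.replace(/^\./, "").toLowerCase();
  return host === d || host.endsWith("." + d);
}
function ipToInt(ip) {
  // Dotted quad to unsigned 32-bit integer.
  return ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}
function inNetwork(ip, rule) {
  const [net, mask] = rule.split(",").map((s) => s.trim());
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}
function partMatches(pattern, url) {
  return new RegExp(pattern, "i").test(url);
}
// Returns the first rule that blocks the URL, or null when it is allowed.
// Whitelist is consulted first (assumption), so ".ca.com" clears www3.ca.com.
function classify(url, resolvedIp) {
  const host = new URL(url).hostname.toLowerCase();
  if (GoodDomains.some((d) => domainMatches(host, d))) return null;
  const bd = BadDomains.find((d) => domainMatches(host, d));
  if (bd) return "BadDomains:" + bd;
  const bp = BadURL_Parts.find((p) => partMatches(p, url));
  if (bp) return "BadURL_Parts:" + bp;
  if (resolvedIp) {
    const bn = BadNetworks.find((n) => inNetwork(resolvedIp, n));
    if (bn) return "BadNetworks:" + bn;
  }
  return null;
}
```

Running the Fujitsu manual URL from the RESOLVED list through classify() reproduces the "xxx" false positive, and partMatches() shows the loose tracker pattern also hitting a constructed URL such as tracker-page.html, which the tighter pattern does not.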