hey , can I work on this issue

@san-coding thank you, we welcome help. You can reference this past PR for an example of removing MalwareDomains from rita-bl. I believe it just involves deleting two files.

• activecm/rita-bl#9
• https://github.com/activecm/rita-bl/blob/master/sources/lists/dns-bh.go
• https://github.com/activecm/rita-bl/blob/master/sources/lists/dns-bh_test.go

Since the actual changes are fairly straightforward we'd ask that you test them as well. I think the following tests plus anything else you think of:

• Run a rita import with the changes on some Zeek logs and make sure there are no errors in the log file for the blacklist analysis. This will make sure people with a new installation don't have issues.
• Run a rita import while still having the old MalwareDomains.com: true entry in the config file and make sure there are no errors in the log file. This will make sure that people with this setting in their current installations don't have issues.

If you need some sample Zeek logs let us know.

Thanks, I do need some sample week logs

Will setting MalwareDomains.com: false

And setting UseDNSBH bool yaml:"MalwareDomains.com" default:"false" fix the issue