May 16, 2012

DNS Blacklist Editor

I came across a useful freeware tool at http://www.jhsoft.com/ for editing a DNS blacklist. Using rsync we fetched a copy of the APEWS dataset and opened it with that tool without any trouble. Some people may find it easier to edit the APEWS data for their own purposes, whether to reduce false positives or to blacklist more IPv4 addresses than APEWS currently covers. There are reports of the L2.APEWS.ORG dataset catching between 95% and 99% of all spam, so tailoring it to any one system should not take much editing.

Some DNS blacklist databases distinguish the type of listing by a code number in the DNS record returned for the listed IP address: for example, an email spam sender IP might get a DNSBL response of 127.0.0.3, a spam relay IP could show as 127.0.0.4, and a trojan-hosting website IP could come back as 127.0.0.5. Those different 127.0.0.* addresses can then be used to filter email or other traffic selectively, e.g. acting on the "3" and "4" codes for an inbound email stream but on the "5" code for outbound HTTP traffic, i.e. preventing users from reaching the trojan host. However, the APEWS dataset appears to return just one reply to queries: "L2.APEWS.ORG TTL=(35) A=[127.0.0.2]".
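The lookup and per-stream filtering described above, as an added example written for this page; it is not code from the jhsoft.com tool or from APEWS. The zone name `dnsbl.example`, the return-code table, the policy table and the local allow list are assumptions, and the zone contents are constructed (RFC 5737 test addresses) so the example runs offline instead of querying real DNS. It also shows the two caveats a practitioner would want: a local exception list checked before the blacklist (the "reduce false positives" step), and ignoring any answer outside 127.0.0.0/8, since a DNSBL that returns routable addresses is broken or has been retired.

```python
"""Added example: DNSBL return-code handling as described in the post.

Illustrative code for this page, not a tool from jhsoft.com or part of APEWS.
The zone name "dnsbl.example", RETURN_CODES, POLICY and LOCAL_ALLOW are
assumptions; FAKE_ZONE is constructed data standing in for real DNS.
"""
import ipaddress
from typing import Callable, Dict, List, Set, Tuple

# Meaning of each 127.0.0.x answer. Codes 3/4/5 follow the post's example;
# 127.0.0.2 is the single "listed" answer the post observed from L2.APEWS.ORG.
RETURN_CODES: Dict[str, str] = {
    "127.0.0.2": "listed (zone gives no per-category code)",
    "127.0.0.3": "spam sender",
    "127.0.0.4": "spam relay",
    "127.0.0.5": "trojan hosting web site",
}

# Which codes each traffic stream acts on (assumed policy, following the
# post's idea of using 3 and 4 for inbound mail and 5 for outbound HTTP).
POLICY: Dict[str, Set[str]] = {
    "inbound_smtp": {"127.0.0.2", "127.0.0.3", "127.0.0.4"},
    "outbound_http": {"127.0.0.2", "127.0.0.5"},
}

# Local exceptions applied before the DNSBL lookup (constructed value).
LOCAL_ALLOW = {ipaddress.ip_network("192.0.2.200/32")}

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
Resolver = Callable[[str], List[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: octets reversed, zone appended.
    192.0.2.3 in dnsbl.example becomes 3.2.0.192.dnsbl.example."""
    addr = ipaddress.IPv4Address(ip)          # rejects non-IPv4 input
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lookup(ip: str, zone: str, resolve: Resolver) -> Set[str]:
    """Return the set of 127.0.0.x answers for ip; empty when not listed.
    Answers outside 127.0.0.0/8 are ignored: a DNSBL must never hand back a
    routable address, and such a reply usually means a broken or dead zone."""
    answers: Set[str] = set()
    for a in resolve(dnsbl_query_name(ip, zone)):
        if ipaddress.IPv4Address(a) in LOOPBACK:
            answers.add(a)
    return answers


def decide(ip: str, zone: str, traffic: str,
           resolve: Resolver) -> Tuple[str, Set[str]]:
    """Return ("allow" | "block", codes) for one IP on one traffic stream."""
    if any(ipaddress.IPv4Address(ip) in net for net in LOCAL_ALLOW):
        return "allow", set()                  # local exception wins
    codes = lookup(ip, zone, resolve)
    if codes & POLICY[traffic]:
        return "block", codes
    return "allow", codes


# Constructed zone contents (RFC 5737 TEST-NET addresses), standing in for
# real DNS so the example runs offline.
FAKE_ZONE: Dict[str, List[str]] = {
    "3.2.0.192.dnsbl.example": ["127.0.0.3", "127.0.0.5"],  # sender + trojan host
    "4.2.0.192.dnsbl.example": ["127.0.0.4"],               # relay only
    "2.2.0.192.dnsbl.example": ["127.0.0.2"],               # single-code style
    "200.2.0.192.dnsbl.example": ["127.0.0.3"],             # listed, locally allowed
    "9.2.0.192.dnsbl.example": ["198.51.100.1"],            # bogus non-loopback answer
}


def fake_resolve(name: str) -> List[str]:
    """Stand-in for a DNS A lookup; [] plays the role of NXDOMAIN."""
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.3", "192.0.2.4", "192.0.2.2",
               "192.0.2.200", "192.0.2.9", "192.0.2.50"):
        for stream in POLICY:
            verdict, codes = decide(ip, "dnsbl.example", stream, fake_resolve)
            names = ", ".join(RETURN_CODES.get(c, c) for c in sorted(codes)) or "not listed"
            print(f"{ip:12} {stream:13} {verdict:5} ({names})")
```

With a single-code zone such as the one the post observed, every listed address carries only 127.0.0.2, so the policy table is what lets you still treat mail and web traffic differently; with a multi-code zone the same table lets the relay-only listing (127.0.0.4) pass outbound HTTP while still blocking inbound mail.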

Looking through the listings and reviewing the comments that used to be written in the earlier records, we can see some groups of "Cases" that may be useful to some people if the C number can be obtained. It should even be possible to extract the relevant data to build smaller datasets specific to a need. The groups of Cases and their text descriptors, etc., will be published shortly.