I'd like to have a notification of malware domain hits from pi-hole, either in the admin console or via email if possible.
Please provide more detail on what you mean by
I noticed updating the lists pi-hole downloads a malware black list. I'd like to know if a device on my network queries something from that list.
This may be difficult to do as often domains appear in more than one list. Not yet sure how such a routine should look like. I was thinking about a page where you can click on the lists you want to compare with your query log, but that would certainly be some major work. It doesn't have high priority but I'll keep it in mind.
I signed up just to make a suggestion for this feature. I think one solution can be as following;
Add another section in the Dashboard similar to Permitted Domains and Blocked domains. Point of this section is to only show addresses that have been queried and found against another type of list similar to the Blocklist we have right now.
If a domain has been queried that is found in malware list, show it in the suspicious activity section.
If we deemed the suspicious activity is legit, we can then filter it out through the exclude list.