New service - the Team Cymru Malware Hash Registry!
Alex Broens
ms-list at alexb.ch
Wed Oct 29 08:27:20 GMT 2008
On 10/28/2008 9:22 PM, --[ UxBoD ]-- wrote:
> Hmmmm ... won't things get expired though Alex if they have not been
> looked up in a while ? surely hashes will remain the same dependant
> on the construct of the file ?
IMO:
The floods last a few hours.
cymru's rbldnsd entries have a TTL of 1800s
a few extra queries are still cheaper than I/O and mantaining expiration
on the local hash file, iow: you have nothing to do and watch locally.
There is a reason why some of the big AV guys are taking this path
(McAfee Artemis)
Ale
More information about the MailScanner
mailing list