New service - the Team Cymru Malware Hash Registry!

Alex Broens ms-list at alexb.ch
Wed Oct 29 08:27:20 GMT 2008


On 10/28/2008 9:22 PM, --[ UxBoD ]-- wrote:
> Hmmmm ... won't things get expired though Alex if they have not been
> looked up in a while ? surely hashes will remain the same dependant
> on the construct of the file ?

IMO:

The floods last a few hours.
cymru's rbldnsd entries have a TTL of 1800s
a few extra queries are still cheaper than I/O and mantaining expiration 
on the local hash file, iow: you have nothing to do and watch locally.

There is a reason why some of the big AV guys are taking this path
(McAfee Artemis)

Ale


More information about the MailScanner mailing list