New service - the Team Cymru Malware Hash Registry!

Alex Broens ms-list at
Wed Oct 29 08:27:20 GMT 2008

On 10/28/2008 9:22 PM, --[ UxBoD ]-- wrote:
> Hmmmm ... won't things get expired though Alex if they have not been
> looked up in a while? Surely hashes will remain the same dependent
> on the construct of the file?


The floods last a few hours.
Cymru's rbldnsd entries have a TTL of 1800s.
A few extra queries are still cheaper than I/O and maintaining expiration
on the local hash file, iow: you have nothing to do and watch locally.

There is a reason why some of the big AV guys are taking this path
(McAfee Artemis)


