New service - the Team Cymru Malware Hash Registry!

Steve Freegard steve.freegard at fsl.com
Wed Oct 29 11:07:34 GMT 2008


Alex Broens wrote:
> On 10/28/2008 9:22 PM, --[ UxBoD ]-- wrote:
>> Hmmmm ... won't things get expired though Alex if they have not been
>> looked up in a while ? surely hashes will remain the same dependent
>> on the construct of the file ?
> 
> IMO:
> 
> The floods last a few hours.
> cymru's rbldnsd entries have a TTL of 1800s
> a few extra queries are still cheaper than I/O and maintaining expiration
> on the local hash file, iow: you have nothing to do and watch locally.
> 
> There is a reason why some of the big AV guys are taking this path
> (McAfee Artemis)
> 
> Alex

If enough people were interested in participating by donating spam/virus 
trap feeds, then it would be relatively straightforward to provide fresh 
hashes of both malware and spam via two separate DNS-based lists.

Regards,
Steve.

