New service - the Team Cymru Malware Hash Registry!
steve.freegard at fsl.com
Wed Oct 29 11:07:34 GMT 2008
Alex Broens wrote:
> On 10/28/2008 9:22 PM, --[ UxBoD ]-- wrote:
>> Hmmmm ... won't things get expired though Alex if they have not been
>> looked up in a while ? surely hashes will remain the same dependant
>> on the construct of the file ?
> The floods last a few hours.
> cymru's rbldnsd entries have a TTL of 1800s
> a few extra queries are still cheaper than I/O and mantaining expiration
> on the local hash file, iow: you have nothing to do and watch locally.
> There is a reason why some of the big AV guys are taking this path
> (McAfee Artemis)
If enough people were interested in participating by donating spam/virus
trap feeds, then it would be relatively straightforward to provide fresh
hashes of both malware and spam via two separate DNS based lists.
More information about the MailScanner