New service - the Team Cymru Malware Hash Registry!

Alex Broens ms-list at
Wed Oct 29 11:49:06 GMT 2008

On 10/29/2008 12:07 PM, Steve Freegard wrote:
> Alex Broens wrote:
>> On 10/28/2008 9:22 PM, --[ UxBoD ]-- wrote:
>>> Hmmmm ... won't things get expired though Alex if they have not been
>>> looked up in a while ? surely hashes will remain the same dependant
>>> on the construct of the file ?
>> IMO:
>> The floods last a few hours.
>> cymru's rbldnsd entries have a TTL of 1800s
>> a few extra queries are still cheaper than I/O and mantaining 
>> expiration on the local hash file, iow: you have nothing to do and 
>> watch locally.
>> There is a reason why some of the big AV guys are taking this path
>> (McAfee Artemis)
>> Alex
> If enough people were interested in participating by donating spam/virus 
> trap feeds, then it would be relatively straightforward to provide fresh 
> hashes of both malware and spam via two separate DNS based lists.

May I pass on this?
I already have a similar hobby .-)


More information about the MailScanner mailing list