New service - the Team Cymru Malware Hash Registry!

Alex Broens ms-list at alexb.ch
Wed Oct 29 11:49:06 GMT 2008


On 10/29/2008 12:07 PM, Steve Freegard wrote:
> Alex Broens wrote:
>> On 10/28/2008 9:22 PM, --[ UxBoD ]-- wrote:
>>> Hmmmm ... won't things get expired though, Alex, if they have not been
>>> looked up in a while? Surely hashes will remain the same, dependent
>>> on the construct of the file?
>>
>> IMO:
>>
>> The floods last a few hours.
>> Cymru's rbldnsd entries have a TTL of 1800s
>> a few extra queries are still cheaper than I/O and maintaining
>> expiration on the local hash file, iow: you have nothing to do and
>> watch locally.
>>
>> There is a reason why some of the big AV guys are taking this path
>> (McAfee Artemis)
>>
>> Alex
> 
> If enough people were interested in participating by donating spam/virus 
> trap feeds, then it would be relatively straightforward to provide fresh 
> hashes of both malware and spam via two separate DNS based lists.

May I pass on this?
I already have a similar hobby .-)

Alex



More information about the MailScanner mailing list