virbl.bit.nl, A list of virussending IP's
Hi All, Some of you might have heard about or suffered a listing on virbl.bit.nl. Virbl is a dns-list with IP's of which we (BIT) or one of the contributors [1] have received a email with a virus. We will list an IP after it has sent two virus-emails to one of our sources. We will remember that you sent those emails for seven days. IP's will only be listed as long as the last time we 'saw' the IP sending virusses is less than 24 hours and the total sent emails is greater than two, in the last seven days. The goal is to stop infected machines from sending virusses, and stop relaying-servers from forwarding, bouncing and otherwise deliver virusses. It does definitely help in preventing the use of useless cou cycles for scanning mail in your mailsetup. AS Administrators can login at [2]. A password will be emailed to a address you select. We look for addresses in the whois-info for your AS. You can see evidence, suspend hosts from the list and see stats about your AS. We are working on notifications, which will also be configurable in the login-interface. We currently use dnswl and the nlwhitelist (a list with the relay-servers for Dutch ISP's) as a exclude list. If anyone knows another trustworthy whitelist with relayservers from ISP's, please let me know so we can think about using that too. Also, if you're interested in contributing to Virbl, please email me off list. We prefer consumer ISP's, with some million messages per day. If you're using MailScanner or Amavisd-new, that would be great. Offcourse, the use of Virbl is free. See [3] on howto use it. Thanks, Links to http://virbl.bit.nl/ [1] http://virbl.bit.nl/contributors.php [2] https://virbl.bit.nl/login/ [3] http://virbl.bit.nl/usage.php -- Mark Schouten, Unix/NOC-engineer BIT BV | info@bit.nl | +31 318 648688 MS8714-RIPE | B1FD 8E60 A184 F89A 450D A128 049B 1B19 9AD6 177FF
On Fri, 2008-09-19 at 15:31 +0200, Mark Schouten wrote:
AS Administrators can login at [2]. A password will be emailed to a address you select. We look for addresses in the whois-info for your AS. You can see evidence, suspend hosts from the list and see stats about your AS.
We are working on notifications, which will also be configurable in the login-interface.
Notifications are now configurable. We can email you every 12 hours with listed IP's in your network.
Regards, -- Mark Schouten, Unix/NOC-engineer BIT BV | info@bit.nl | +31 318 648688 MS8714-RIPE | B1FD 8E60 A184 F89A 450D A128 049B 1B19 9AD6 177FF
participants (1)
-
Mark Schouten