[Dshield] Johannes: Any Interest in a DShield RHSBL?

Johannes B. Ullrich jullrich at sans.org
Tue Feb 10 11:42:07 GMT 2004


It may work if you can reliably parse the last received header. Will
have to think about how this fits into our model. At this point, it
probably shouldn't be a high priority project (first have to fix the
DLink and FW-1 stuff)



On Sun, 2004-02-08 at 12:55, David Cary Hart wrote:
> Just a thought.
> 
> Many of us are probably rejecting mail with potentially dangerous
> attachments through mime header checks. It would be very easy to parse
> mail server logs and submit them to DShield. It doesn't look like a list
> of clients would produce a bunch of false positives (but I could be
> wrong).
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040210/968dc6da/attachment.bin


More information about the list mailing list