virbl.bit.nl, A list of virussending IP's
marks at bit.nl
Fri Sep 19 08:31:53 CDT 2008
Some of you might have heard about or suffered a listing on
virbl.bit.nl. Virbl is a dns-list with IP's of which we (BIT) or one of
the contributors  have received a email with a virus.
We will list an IP after it has sent two virus-emails to one of our
sources. We will remember that you sent those emails for seven days.
IP's will only be listed as long as the last time we 'saw' the IP
sending virusses is less than 24 hours and the total sent emails is
greater than two, in the last seven days.
The goal is to stop infected machines from sending virusses, and stop
relaying-servers from forwarding, bouncing and otherwise deliver
virusses. It does definitely help in preventing the use of useless cou
cycles for scanning mail in your mailsetup.
AS Administrators can login at . A password will be emailed to a
address you select. We look for addresses in the whois-info for your AS.
You can see evidence, suspend hosts from the list and see stats about
We are working on notifications, which will also be configurable in the
We currently use dnswl and the nlwhitelist (a list with the
relay-servers for Dutch ISP's) as a exclude list. If anyone knows
another trustworthy whitelist with relayservers from ISP's, please let
me know so we can think about using that too.
Also, if you're interested in contributing to Virbl, please email me off
list. We prefer consumer ISP's, with some million messages per day. If
you're using MailScanner or Amavisd-new, that would be great.
Offcourse, the use of Virbl is free. See  on howto use it.
Links to http://virbl.bit.nl/
Mark Schouten, Unix/NOC-engineer
BIT BV | info at bit.nl | +31 318 648688
MS8714-RIPE | B1FD 8E60 A184 F89A 450D A128 049B 1B19 9AD6 177FF
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: This is a digitally signed message part
More information about the NANOG