Kraken Maldomain
Kraken Maldomain provides a malware domain detection feature. It automatically downloads the malware domain list from http://malwaredomains.com and answers domain queries against it.
Service Interface
import java.io.File;
import java.io.IOException;
import java.net.URL;

public interface MalwareDomainService {
    // look up the URL's domain in the malware domain list
    MalwareDomain match(URL url);

    // default directory is data/kraken-maldomain/
    void setHomeDir(File path);

    // download updated domain list from malwaredomains.com
    void update() throws IOException;

    // just reload all dataset
    void reload();

    // count malware domains
    int getDomainCount();
}
MalwareDomainService.match(url) returns a MalwareDomain, which contains the following data:
import java.util.Date;

// accessor summary; method bodies omitted
public class MalwareDomain {
    // domain name
    public String getDomain();

    // type is not categorized well
    // e.g. hamful, iframe, malware, gumblar, koobface, malicious, exploit, threat, pdfexploit, etc.
    public String getType();

    // reference site
    public String getReference();

    // verified date
    public Date getVerified();

    // registered date
    public Date getCreated();

    // id
    public Integer getSeq();
}
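How a lookup like match(url) can resolve a URL to a list entry, as an added example that is not the kraken-maldomain implementation. The class name DomainListLookup, the host normalization and the rule that a listed domain also covers its subdomains are assumptions; the sample entry is the domain used in the maldomain.check example on this page.

```java
import java.net.URI;
import java.net.URL;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added illustration; hypothetical class, not the kraken-maldomain code.
public class DomainListLookup {
    // domain -> type, mirroring MalwareDomain.getDomain()/getType()
    private final Map<String, String> entries = new HashMap<>();

    public void add(String domain, String type) {
        entries.put(normalize(domain), type);
    }

    // Lower-case the host and drop a trailing root dot so that
    // "EXAMPLE.com." and "example.com" resolve to the same entry.
    static String normalize(String host) {
        String h = host.toLowerCase(Locale.ROOT);
        return h.endsWith(".") ? h.substring(0, h.length() - 1) : h;
    }

    // Returns the listed domain that covers the URL's host, or null.
    // Assumption: a listed domain also covers all of its subdomains.
    public String match(URL url) {
        String host = url.getHost();
        if (host == null || host.isEmpty()) return null;
        String candidate = normalize(host);
        while (true) {
            if (entries.containsKey(candidate)) return candidate;
            int dot = candidate.indexOf('.');
            if (dot < 0) return null;           // ran out of parent labels
            candidate = candidate.substring(dot + 1);
        }
    }

    public static void main(String[] args) throws Exception {
        DomainListLookup list = new DomainListLookup();
        list.add("nlxhhudkvxziktu.com", "malicious"); // entry from this page
        String[] urls = {                             // constructed test URLs
            "http://nlxhhudkvxziktu.com/",
            "http://CDN.nlxhhudkvxziktu.com./a.js",
            "http://example.org/" };
        for (String u : urls) {
            String hit = list.match(URI.create(u).toURL());
            System.out.println(u + " -> " + (hit == null ? "not listed" : hit));
        }
    }
}
```

Without the normalization step, the mixed-case, trailing-dot host in the second URL would miss an exact-match lookup even though it resolves to the same listed domain.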
Command
- maldomain.check [url]
  kraken> maldomain.check http://nlxhhudkvxziktu.com
  domain=nlxhhudkvxziktu.com, type=malicious, reference=blog.dynamoo.com/, verified=2010-12-11, seq=9280
- maldomain.count
  - print number of malware domains
  kraken> maldomain.count
  9850 domains
- maldomain.reload
  - force reload malware domains
  kraken> maldomain.reload
  reloaded all malware domains
- maldomain.update
  - force update malware domains (i.e. list download)
Auto-update
kraken> cron.list
==================== Cron Schedule List ====================
[ 5] 0 * * * * / malware-domain-service-0
MalwareDomainService is executed every hour by Kraken cron. DefaultMalwareDomainService implements the Runnable interface, and its run() method updates the malware domain list. To change the update cycle, see the Kraken Cron page.
Dependencies
- ipojo 1.4.0
- slf4j-api 1.5.6
- kraken-cron 1.4.0
Author
- shivanes
- xeraph (xeraph@nchovy.com)
History
- 1.0.0 release (2010-12-23)
