Fog Creek Software
Discussion Board




RSS Feed for Virus Alerts?

Is anyone aware of an RSS feed that provides timely virus alerts?

We get various virus and update alerts emailed to us, but we wanted something that comes in XML so that we can programmatically make a determination of the threat of the virus and then have the software page or phone IT staff.

Any ideas?

John Abernathy
Thursday, September 04, 2003

Maybe Symantec or AVG will have a service like that - if they do not, try suggesting it to them.

It is a good idea that I'm sure will be started sooner rather than later.

Ram Dass
Thursday, September 04, 2003

We don't need yet another way to be notified.  The problem is not lack of notification.  It is lack of action on the part of the computer owners and the software manufacturer.

Mike
Thursday, September 04, 2003

"We don't need yet another way to be notified."

Well, we do. Thank you very much.

As I stated in my post, we want to parse the XML so we can make the determination which alerts get sent to the IT staff's pager, phone, etc immediately, and which alerts can be handled on their own time.

John Abernathy
Thursday, September 04, 2003

Why can't you just set up an Inbox rule for your email alerts?  You could script this pretty easily using MAPI, no?

Ankur
Thursday, September 04, 2003

"As I stated in my post, we want to parse the XML so we can make the determination which alerts get sent to the IT staff's pager, phone, etc immediately, and which alerts can be handled on their own time."

And how would it being an RSS feed do this? Sounds like a vague connotation of how a technology will provide a miracle solution.

Anonymous Cowboy
Thursday, September 04, 2003

"And how would it being an RSS feed do this? Sounds like a vague connotation of how a technology will provide a miracle solution. "

Time to whip out the crayons and coloring books, I see....

Because an RSS feed is XML....
Because we can parse XML...
Because we can parse XML, we can examine the alert level of a particular vulnerability or virus.
Because we can write a simple application that could parse the XML, and notify the IT staff if the alert level is sufficient.

All of the notification services that we've seen simply spam us with all kinds of alerts that we can handle during normal business hours. We want a way to filter the critical virus alerts or vulnerabilities that need to be acted upon immediately.

John Abernathy
Thursday, September 04, 2003

"Why can't you just set up an Inbox rule for your email alerts?  You could script this pretty easily using MAPI, no? "

Yes, for the most part we can and this is what we will end up doing more than likely.

Having an XML document that we can parse would provide us with a little more flexibility if it identified the type of threat, the level of threat, etc. We could then notify the appropriate teams.

I was hoping to see an xml doc that outlined the type of threat, operating systems affected, level of threat, etc.

Setting up the rules in the inbox allows us to do basic routing, but the various services all use different formats and they aren't very consistent.

John Abernathy
Thursday, September 04, 2003

RSS in itself won't contain data about the severity and threat level of a virus except for inside the body of the text.
So, though you can parse XML, to get that sort of metadata you will just be parsing text. You can parse the text of an email body as easily as you can parse the text of an RSS item.

Might be time to put the crayons away and work on that chip on your shoulder.

Damian
Thursday, September 04, 2003

"Time to whip out the crayons and coloring books, I see...."

Ah, a technology idealist. Well guess what, cowboy, a grep with some regular expressions of an email virus alert will give you that much information and _more_. You sound like a little kid in a technology store giddy about how that toy is going to change everything.

Anonymous Cowboy
Thursday, September 04, 2003

It seems a fairly reasonable request to me, and making the request doesn't prevent grepping mail either.

One of the problems I have with virus notification by email is that from time to time it gets filtered as spam because of all of the advertising jargon.

Simon Lucy
Friday, September 05, 2003

"RSS in itself won't contain data about the severity and threat level of a virus except for inside the body of the text. "

Fair enough. I mistakenly believed that the XML document in the RSS feed could contain tags such as <virustype>,<alertlevel>, etc.

I completely overlooked the fact that RSS has its own schema.

And to anonymous cowboy... No, it wasn't seeking technology for technology's sake. I made a mistake in my understanding of how something worked.

Thank you for acting like the typical complete asshole when someone asked a question. Rather than insulting me with your first post, perhaps you could have explained why it wouldn't work. Ahh, that's right. It's much easier to act like an asshole when you are completely anonymous on a message board.

John Abernathy
Friday, September 05, 2003

Less than 30 seconds on Google resulted in the following RSS feed courtesy of Trend Micro UK:

http://uk.trendmicro-europe.com/enterprise/security_info/rssinfo.php

Anonymous Technologist
Tuesday, February 17, 2004

http://www.sophos.com/virusinfo/infofeed/topten.xml
http://www.sophos.com/virusinfo/infofeed/hoax.xml
http://www.sophos.com/virusinfo/infofeed/tenalerts.xml

These should help.

Claire Thomson
Monday, May 10, 2004

Thanks Claire.  I was looking for these myself.  The Sophos feeds look good and will be quite useful.

Spider1
Wednesday, June 09, 2004

John,
The RSS feed from Trend is the one that I have on my Desktop RSS Reader.

URL is http://uk.trendmicro-europe.com/enterprise/security_info/rssinfo.php

As for parsing out the viruses to get you out of bed, the description tag is nicely formatted as follows:

<description>Updated: 2004-06-14 - RiskRating: Low - PatternFile: 906</description>

This would make it easy to pick up the RiskRating: High (I don't know that's what they use - just my guess) and send a pager or whatever.

FWIW I like the idea of the RSS feed parsing - it seems cleaner to pull the feed, parse and alert.

Kruiskouter
Wednesday, June 16, 2004
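
The pull, parse and alert filter described in the post above, as an added example that is not part of the thread or any vendor's code. The feed content, item titles and the "High" rating are constructed; only the `Updated / RiskRating / PatternFile` description format and the "Low" value come from the post, so any rating other than "Low" (or a description that does not parse) is assumed to warrant a page.

```python
import xml.etree.ElementTree as ET

# Constructed sample feed. Only the first <description> is the format quoted in
# the thread; the other items, titles and the "High" value are made up here.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed sample</title>
<item><title>EXAMPLE.A</title>
<description>Updated: 2004-06-14 - RiskRating: Low - PatternFile: 906</description></item>
<item><title>EXAMPLE.B</title>
<description>Updated: 2004-06-15 - RiskRating: High - PatternFile: 907</description></item>
<item><title>EXAMPLE.C</title>
<description>Details to follow</description></item>
</channel></rss>"""

# Ratings that may wait for business hours. Only "Low" is confirmed by the
# thread; anything not listed here pages someone (assumption: fail toward paging).
DEFERRABLE = {"low"}


def parse_description(text):
    """Split 'Key: value - Key: value' into a dict; malformed parts are skipped."""
    fields = {}
    for part in (text or "").split(" - "):
        key, sep, value = part.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def triage(feed_bytes):
    """Return (page_now, defer) lists of (title, rating) for each feed item."""
    # RSS needs no DTD, so refuse one outright rather than let entity
    # declarations from a remote feed reach the parser.
    if b"<!DOCTYPE" in feed_bytes or b"<!ENTITY" in feed_bytes:
        raise ValueError("feed declares a DTD; refusing to parse")
    root = ET.fromstring(feed_bytes)
    page_now, defer = [], []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        fields = parse_description(item.findtext("description"))
        rating = fields.get("RiskRating", "").lower() or "unknown"
        # A missing or unrecognised rating is paged, never silently dropped.
        (defer if rating in DEFERRABLE else page_now).append((title, rating))
    return page_now, defer


if __name__ == "__main__":
    page_now, defer = triage(SAMPLE_FEED)
    print("page now:", page_now)
    print("defer:", defer)
```

Because the rating lives in free text rather than a schema field, a vendor format change shows up here as "unknown" items being paged, which is the signal to revisit the parser.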
