add, sub, adddel, subdel chunks
73 views
Skip to first unread message
Andre
Mar 5, 2012, 10:50:21 PM3/5/12
to Google Safe Browsing API
I hope someone can clear this for me.
From what I understand, we have to store add and sub chunks locally.
Is this correct?
If a prefix is in the add chunk and also in the sub chunk, then we can
assume the url is safe. Is this correct?
What if the prefix matches only the add chunk or only the sub chunk?
Here we ask for the full hash or can we assume the URL is malicious?
As for the adddel and subdel, these just say which chunks from the add
or sub chunks we should delete from our local database correct?
Thanks in advance.
From what I understand, we have to store add and sub chunks locally.
Is this correct?
If a prefix is in the add chunk and also in the sub chunk, then we can
assume the url is safe. Is this correct?
What if the prefix matches only the add chunk or only the sub chunk?
Here we ask for the full hash or can we assume the URL is malicious?
As for the adddel and subdel, these just say which chunks from the add
or sub chunks we should delete from our local database correct?
Thanks in advance.
Garrett Casto
Mar 6, 2012, 2:10:58 PM3/6/12
to google-safe-...@googlegroups.com
On Mon, Mar 5, 2012 at 7:50 PM, Andre <and1...@gmail.com> wrote:
I hope someone can clear this for me.
From what I understand, we have to store add and sub chunks locally.
Is this correct?
Yes.
If a prefix is in the add chunk and also in the sub chunk, then we can
assume the url is safe. Is this correct?
Mostly true. You have to make sure that the sub chunk refers to the add chunk that is matched as well. For instance, a site might get owned, clean up the malware without fixing the underlying vunerability, and then get owned again. So the hash prefix for the site might show up on our list in three different chunks, two add chunks and a sub chunk. Even though it matches a sub chunk it should still be considered malicious.
What if the prefix matches only the add chunk or only the sub chunk?
Here we ask for the full hash or can we assume the URL is malicious?
You have to get the full hash before determining if anything is bad. If it just matches a sub chunk you can ignore it.
As for the adddel and subdel, these just say which chunks from the add
or sub chunks we should delete from our local database correct?
Yes.
Thanks in advance.
--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To post to this group, send email to google-safe-...@googlegroups.com.
To unsubscribe from this group, send email to google-safe-browsi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-safe-browsing-api?hl=en.
Reply all
Reply to author
Forward
0 new messages