senji suggested ratelimiting email based on the MD5 checksum of any attachments, with the goal of slowing down an email virus attack. I think this might be feasible so I'm noting it here as a sort of public to-do list entry...
Sort of DCC in reverse (assuming you're talking outbound mail). The DCC does reasonably well on inbound viruses not by looking at the attachments, but at the body that the virus encloses to try to get you to open them (that is, the hash-based checksums are not catching inbound viruses for me, but the "fuzzy" ones are).
The interesting thing about Senji's idea is that it avoids the difficult part of DCC and Razor, i.e. that they have to use a fuzzy checksum to deal with the natural (or deliberate) variability of email. I'm assuming that virus polymorphism is much lower.
I would completely agree with that for the most part viren modify their vector and not the payload but some of the more successful viren certainly do use techniques such as word etc it would be interesting to see the statistics from a large mail host
![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
branchandroot
no subject
Date: 2008-07-23 23:11 (UTC)no subject
Date: 2008-07-23 23:40 (UTC)the fuzzy part
Date: 2008-07-26 14:06 (UTC)