senji suggested ratelimiting email based on the MD5 checksum of any attachments, with the goal of slowing down an email virus attack. I think this might be feasible so I'm noting it here as a sort of public to-do list entry...
The interesting thing about Senji's idea is that it avoids the difficult part of DCC and Razor, i.e. that they have to use a fuzzy checksum to deal with the natural (or deliberate) variability of email. I'm assuming that virus polymorphism is much lower.
I would completely agree with that for the most part viren modify their vector and not the payload but some of the more successful viren certainly do use techniques such as word etc it would be interesting to see the statistics from a large mail host
![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
branchandroot
no subject
Date: 2008-07-23 23:40 (UTC)the fuzzy part
Date: 2008-07-26 14:06 (UTC)