
fanf

A ratelimit idea

23rd Jul 2008 | 10:28

senji suggested ratelimiting email based on the MD5 checksum of any attachments, with the goal of slowing down an email virus attack. I think this might be feasible so I'm noting it here as a sort of public to-do list entry...
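A sketch of the ratelimit described above, as an added example that is not part of the original post or any code by its author. The names `attachment_digests`, `AttachmentRateLimiter` and `sample_message`, the in-memory state and the limit and window values are all assumptions made for illustration.

```python
import hashlib
import time
from collections import defaultdict, deque
from email import message_from_bytes
from email.message import EmailMessage

def attachment_digests(raw: bytes) -> set:
    """MD5 of every attachment, taken over the decoded bytes so that
    base64 line wrapping or a changed body text does not alter the key."""
    digests = set()
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        if part.get_filename() is None and part.get_content_disposition() != "attachment":
            continue  # ordinary body part, not an attachment
        digests.add(hashlib.md5(part.get_payload(decode=True) or b"").hexdigest())
    return digests

class AttachmentRateLimiter:
    """Sliding-window counter per attachment digest (hypothetical helper)."""
    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)  # digest -> timestamps of accepted mail

    def allow(self, raw: bytes, now: float = None) -> bool:
        """False means "defer", e.g. answer with an SMTP 4xx so the sender retries."""
        now = time.time() if now is None else now
        digests = attachment_digests(raw)
        for d in digests:
            q = self.seen[d]
            while q and q[0] <= now - self.window:
                q.popleft()  # forget deliveries older than the window
            if len(q) >= self.limit:
                return False
        for d in digests:
            self.seen[d].append(now)
        return True

def sample_message(sender: str, body: str, attachment: bytes) -> bytes:
    """Constructed test mail: one text body plus one binary attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "hello"
    m.set_content(body)
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename="file.bin")
    return m.as_bytes()
```

Because the key is an exact hash of the attachment, any change to the attachment bytes produces a new key and a fresh counter.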


Comments {3}

Paul Wright

from: pw201
date: 23rd Jul 2008 23:11 (UTC)

Sort of DCC in reverse (assuming you're talking outbound mail). The DCC does reasonably well on inbound viruses not by looking at the attachments, but at the body that the virus encloses to try to get you to open them (that is, the hash-based checksums are not catching inbound viruses for me, but the "fuzzy" ones are).


Tony Finch

from: fanf
date: 23rd Jul 2008 23:40 (UTC)

The interesting thing about Senji's idea is that it avoids the difficult part of DCC and Razor, i.e. that they have to use a fuzzy checksum to deal with the natural (or deliberate) variability of email. I'm assuming that virus polymorphism is much lower.


the fuzzy part

from: ext_71155
date: 26th Jul 2008 14:06 (UTC)

I would completely agree with that for the most part viren modify their vector and not the payload, but some of the more successful viren certainly do use techniques such as word etc. It would be interesting to see the statistics from a large mail host.
