[Mimedefang] patch to add blocking of encrypted email via uv scan
David F. Skoll
dfs at roaringpenguin.com
Tue Dec 9 12:24:19 EST 2003
On Tue, 9 Dec 2003 WBrown at e1b.org wrote:
> It would slow the virus from propagating though, because it would have to
> encrypt each version sent separately.
Encryption could be a problem. It is possible to write a polymorphic
virus that has essentially no "signature". That is, it's possible to
write a virus that mutates itself such that two different mutations
have no pattern in common longer than a couple of bytes (and that's
too short to trigger on without heaps of false-positives.)
I'm somewhat surprised we haven't seen a virus kit that does this, but
we probably will within the next few years.
Regards,
David.
More information about the MIMEDefang
mailing list