I’m not sure if I mentioned it here or somewhere else, or frankly at all, but I think an RBL-style list to notify people when a virus has been detected from certain IP addresses could be helpful.

To that point I’m adding this into my list of things I want to write into my mythical perfect email server.

Here is the basic concept:

Using an open source Anti-Virus software package, ClamAV for instance, a script could be easily written to scan emails for viruses and then when a virus is detected to log the IP address that the connection came in from into a database.

That database could then be exported into a series of RBL-style DNS servers. Each RBL DNS server would cover a different length of time since a virus was last seen from that IP address, like 1 day, 3 days, 1 week, 2 weeks and maybe even a month, but I think that might be one hell of a penalty box.

If the script were written properly and placed in the correct order of the server then it could easily keep finding and detecting viruses even if it knew that viruses had come from that IP before. So if a particular IP address sends a virus to this mythical email server once every 23 hours then that IP address would forever be on the 1 day virus list.
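A sketch of the database and export steps described above, as an added example that is not code from this post. It assumes the scanner (ClamAV or otherwise) has already flagged a message and handed over the connecting IP; the zone names, table layout and sample events are constructed, and the `127.0.0.2` answer with reversed octets follows the usual DNSBL convention.

```python
import sqlite3
import ipaddress

# Hypothetical zone names mapped to listing windows in seconds.
WINDOWS = {
    "1d.virus.rbl.example": 86400,
    "3d.virus.rbl.example": 3 * 86400,
    "1w.virus.rbl.example": 7 * 86400,
    "2w.virus.rbl.example": 14 * 86400,
}

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS detections ("
               "ip TEXT PRIMARY KEY, last_seen INTEGER NOT NULL, signature TEXT)")
    return db

def record_detection(db, ip, signature, now):
    """Call after the scanner flags a message; ip is the connecting client."""
    ip = str(ipaddress.IPv4Address(ip))  # rejects malformed input; IPv4 only here
    db.execute(
        "INSERT INTO detections (ip, last_seen, signature) VALUES (?, ?, ?) "
        "ON CONFLICT(ip) DO UPDATE SET last_seen = excluded.last_seen, "
        "signature = excluded.signature", (ip, now, signature))
    db.commit()

def export_zone(db, zone, now):
    """Return DNSBL A records for IPs seen inside the zone's window."""
    cutoff = now - WINDOWS[zone]
    rows = db.execute("SELECT ip FROM detections WHERE last_seen > ? ORDER BY ip",
                      (cutoff,)).fetchall()
    records = []
    for (ip,) in rows:
        reversed_octets = ".".join(reversed(ip.split(".")))
        records.append(f"{reversed_octets}.{zone}. IN A 127.0.0.2")
    return records

def demo():
    db = open_db()
    hour = 3600
    # Constructed events: one host resends every 23 hours, another sent once.
    for n in range(5):
        record_detection(db, "192.0.2.10", "Constructed.Test.Sig", n * 23 * hour)
    record_detection(db, "198.51.100.7", "Constructed.Test.Sig", 0)
    now = 4 * 23 * hour + 22 * hour  # 22 hours after the last resend
    return {zone: export_zone(db, zone, now) for zone in WINDOWS}

if __name__ == "__main__":
    print(demo())
```

Because each new detection refreshes `last_seen`, the host that resends every 23 hours never ages out of the 1-day zone, while the one-time sender only remains in the 1-week and 2-week zones.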

By sharing the information about which IP Addresses are sending known viruses it could reduce the chances of being infected yourself, but more importantly it would reduce the chances of others being infected.

Also, the IP Addresses that would end up on this list on a long term basis would not be real email servers. They would tend to be people’s home computers on cable modems and DSL lines. These are the computers most likely to get infected and they are the least likely to ever be scanned or cleaned.

This means that this RBL anti-virus list would have less of a possibility of blocking real email messages than most other RBL lists.