1. Field of the Invention
This invention relates to data processing systems. More particularly, this invention relates to the detection of e-mail propagated malware.
2. Description of the Prior Art
Some of the most prolific and damaging computer viruses in recent times have replicated and distributed themselves by use of the victim's e-mail service. The virus is received in an e-mail and when activated serves to replicate and send itself to most, if not all, of the e-mail addresses listed in the victim's e-mail address book. The infected e-mail is then received by another unsuspecting user who again causes it to replicate it propagate.
Network Associates, Inc. provide a server based computer program called Outbreak Manager that operates upon an e-mail server to detect patterns of mail traffic behaviour indicative of such a virus outbreak and progressively to apply counter-measures against that outbreak. This activity necessarily places a data processing load upon the e-mail server and tends to detect a virus outbreak only when this has escalated to at least some extent of mass behaviour.
A further mechanism for suppressing mass mail viruses is described in commonly assigned co-pending Application No.: U.S. Ser. No. 09/678,688, the disclosure of which is incorporated herein by reference.