Subject: postfix md5 rule?
To: netbsd-help <netbsd-help@netbsd.org>
From: James K. Lowden <jklowden@schemamania.org>
List: netbsd-help
Date: 01/31/2004 22:57:11
This isn't really a NetBSD question, but perhaps someone can give me a
yea/nae to it.  

My latest antivirus idea is to have postfix burst MIME messages, and run
md5(1) on each attachment.  It will compare the digest to a set of known
digests; if the attachment is known, it will be deleted.  If the message
contains only known attachments, the message itself will be rejected.  

Is this possible?  

As I am sent each new virus, I'll add it to my list of known digests.  I
recognized mydoom fairly early in the cycle; it would have been trivial to
extract it once and add its digest to my list of known pests.  

I even think this idea would be useful to ISPs.  When mail volume rises by
an order of magnitude, and 90% of the traffic includes the same
attachment, the ISP could mark the mail as virus-laden, park the
attachment somewhere, and provide a URL to it.  In my imagination, this
would happen automatically, thus preventing virii from getting much
traction.  In the event the messages were bona fide (say, Kennedy is shot
or something), the human recipients would still have the means to retrieve
the attachment.  

But, whether or not anyone else would adopt my strategy, I'd still like to
know: is it feasible?  

TIA.  

--jkl
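The filter described in the post (burst the MIME message, digest each attachment, reject the message when every attachment is on the known-bad list) and the ISP-side idea of flagging a digest that suddenly appears in most of the traffic, as an added example that is not part of the original post or of postfix itself. It uses only Python's standard `email` and `hashlib` modules; the sample messages and the "known" digest are constructed inline and are not real malware hashes. The digest algorithm is a parameter because MD5 is no longer collision-resistant, so a deployment today would pass `"sha256"`; either way an exact-match list only catches byte-identical copies of an attachment, which is the known limitation of this approach.

```python
"""Hash-based attachment filter, in the spirit of the postfix md5 rule proposal."""
import email
import hashlib
from collections import Counter
from email import policy
from email.message import EmailMessage


def digest_bytes(data: bytes, algorithm: str = "md5") -> str:
    """Hex digest of an attachment body; algorithm is selectable (md5, sha256, ...)."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def attachment_digests(raw_message: bytes, algorithm: str = "md5"):
    """Burst a raw RFC 822 message and return [(filename, digest)] for each attachment.

    Only non-multipart parts that carry a filename or an attachment disposition
    count; the text body is skipped. Payloads are decoded from base64/quoted-printable
    before hashing so the digest is of the real file bytes, not the transfer encoding.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() != "attachment" and part.get_filename() is None:
            continue
        payload = part.get_payload(decode=True) or b""
        results.append((part.get_filename() or "<unnamed>", digest_bytes(payload, algorithm)))
    return results


def classify(raw_message: bytes, known: dict, algorithm: str = "md5"):
    """Return (verdict, matched) where verdict is one of accept / strip / reject.

    reject: every attachment is on the known list (the message carries nothing else);
    strip:  some attachments are known and should be dropped, the rest delivered;
    accept: no attachment matched (or there were no attachments at all).
    """
    digests = attachment_digests(raw_message, algorithm)
    matched = [(name, d) for name, d in digests if d in known]
    if digests and len(matched) == len(digests):
        return "reject", matched
    if matched:
        return "strip", matched
    return "accept", []


def frequent_digests(raw_messages, min_share: float = 0.5, algorithm: str = "md5"):
    """ISP-style volume check: digests attached to at least min_share of the messages.

    Returns {digest: message_count}. A digest is counted once per message even if
    the same file is attached twice, so the share is a fraction of messages.
    """
    counts = Counter()
    total = 0
    for raw in raw_messages:
        total += 1
        counts.update({d for _, d in attachment_digests(raw, algorithm)})
    if total == 0:
        return {}
    return {d: n for d, n in counts.items() if n / total >= min_share}


def build_message(attachments):
    """Construct a sample multipart message with the given [(filename, bytes)] attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "constructed test message"
    msg.set_content("Please see the attached file.")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


# Constructed stand-in for a captured worm body; its digest is the "known pest" entry.
SAMPLE_PEST = b"constructed-sample-payload-not-a-real-worm"
KNOWN_DIGESTS = {digest_bytes(SAMPLE_PEST): "constructed sample"}


if __name__ == "__main__":
    only_pest = build_message([("document.pif", SAMPLE_PEST)])
    mixed = build_message([("document.pif", SAMPLE_PEST), ("notes.txt", b"minutes")])
    clean = build_message([("invoice.pdf", b"harmless bytes")])
    for label, raw in (("only_pest", only_pest), ("mixed", mixed), ("clean", clean)):
        print(label, classify(raw, KNOWN_DIGESTS))
    flood = [only_pest] * 9 + [clean]
    print("frequent:", frequent_digests(flood, min_share=0.5))
```

Wired in as a postfix content filter, the script would read the message on stdin, and on `reject` exit with a non-zero status so postfix bounces it; `strip` is where the parked-attachment-plus-URL idea from the post would go, and `frequent_digests` is the statistic an ISP would watch to populate the known list automatically.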