MEF: Malicious Email Filter: A UNIX Mail Filter that Detects Malicious Windows Executables

Matthew G. Schultz; Eleazar Eskin; Erez Zadok; Manasi Bhattacharyya; Salvatore Stolfo

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, June 25-30, 2001, Boston, Massachusetts, USA (Berkeley, Calif.: USENIX Association, 2001), pp. 245-252.
We present Malicious Email Filter, MEF, a freely distributed malicious binary filter incorporated into Procmail that can detect malicious Windows attachments by integrating with a UNIX mail server. The system has three capabilities: detection of known and unknown malicious attachments, tracking the propagation of malicious attachments and efficient model update algorithms. The system filters multiple malicious attachments in an email by using detection models obtained from data mining over known malicious attachments. It leverages preliminary research in data mining applied to malicious executables which allows the detection of previously unseen, malicious attachments. In addition, the system provides a method for monitoring and measurement of the spread of malicious attachments. Finally, the system also allows for the efficient propagation of detection models from a central server. These updated models can be downloaded by a system administrator and easily incorporated into the current model. The system will be released under GPL in June 2001.