Centralized Email Virus Filters?
Matt Hamilton asks: "With yet another email trojan/virus going around (Naked Wife) I am looking for some way to simplify filtering of these messages. I currently run Exim on our company's servers and have a filter that filters about 20 viruses based upon subject lines and strings contained in the body. Very simple, but works against a lot of mass-email viruses. I was wondering, is there a centralised database of current email viruses/trojans and their subject/body signatures that can be exported to various MTA filtering mechanisms (sendmail, exim, procmail, etc.). Or perhaps a step further, some sort of central DB that can be accessed directly in real time by the MTA (similar to RBL, ORBS, etc.) so that updates are automatic."
One thing about spam and email viruses has always perplexed me: why are they so hard to stop? Humans have no problem recognizing the problem: thousands of identical emails to everyone, whether from a single source, for spam, or to and from random users, for worms.
It's not that hard to calculate a checksum of each message body that goes through a mail or news server. Once a particular checksum value appears, say, 100 times in a short period (or in 10 newsgroups, etc.), you know you have a problem. At this point you could simply warn the user that the same message has hit X number of other people, from Y number of senders, so Joe Schmoe probably did *not* just send her a picture of his naked wife, or you could simply block that checksum until things die down.
Maybe there's something I'm missing here.
---- "If we have to go on with these damned quantum jumps, then I'm sorry that I ever got involved" - Erwin Schrodinger
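The checksum-counting idea in the comment above, sketched as an added example that is not part of the original post. SHA-256, the whitespace/case normalization, the 600-second window and all names are assumptions; the threshold of 100 is the figure the comment suggests.

```python
import hashlib
from collections import defaultdict, deque

THRESHOLD = 100        # sightings before a body is treated as bulk (figure from the comment)
WINDOW_SECONDS = 600   # "short period"; the value is an assumption


def body_checksum(body: str) -> str:
    """SHA-256 of the body after collapsing whitespace and case (assumed normalization)."""
    normalized = " ".join(body.split()).lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


class BulkDetector:
    """Counts identical message bodies inside a sliding time window."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.seen = defaultdict(deque)  # checksum -> deque of (time, sender, recipient)

    def observe(self, now, sender, recipient, body):
        """Record one delivery; return (verdict, copies, senders, recipients)."""
        digest = body_checksum(body)
        events = self.seen[digest]
        events.append((now, sender, recipient))
        # Expire sightings that fell out of the window so old mail cannot trip the limit.
        while events and now - events[0][0] > self.window:
            events.popleft()
        senders = {s for _, s, _ in events}
        recipients = {r for _, _, r in events}
        verdict = "flag" if len(events) >= self.threshold else "pass"
        return verdict, len(events), len(senders), len(recipients)


def demo():
    """Constructed traffic: 100 copies of one body from 25 senders, plus one unrelated mail."""
    det = BulkDetector()
    worm = "Hi,\r\nlook at the attached file!\r\n"
    results = [det.observe(t, f"user{t % 25}@example.org", f"rcpt{t}@example.com", worm)
               for t in range(100)]
    normal = det.observe(100, "alice@example.org", "bob@example.com", "Lunch at noon?")
    late = det.observe(2000, "user1@example.org", "rcpt0@example.com", worm)
    return results[98], results[99], normal, late


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The copy and sender counts returned with each verdict are the "X other people, from Y senders" figures the comment proposes showing to the recipient. An exact digest only matches bodies that are identical after normalization, so legitimate mailing-list traffic will also cross the threshold and needs an allowlist.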