This document discusses behavioral malware detection in delay tolerant networks. It proposes using a Naive Bayesian model for behavioral characterization of proximity malware in DTNs. It identifies two challenges for extending Bayesian malware detection to DTNs: insufficient evidence vs evidence collection risk, and filtering false evidence sequentially and distributedly. It proposes the "look-ahead" method to address these challenges, along with two extensions: dogmatic filtering and adaptive look-ahead to address malicious nodes sharing false evidence. The effectiveness of these proposed methods is verified using real mobile network traces.