I will give it a try:
A "polymorphic" malware is expected to self-adapt to the environment provided. Thus, according to the definition given above, you shall use a metamorphic encryptor to alter the file signature and propagate into the system.
Since you’re checksumming anyhow on install and on updates, the payload has to be rigorously identical to the source files; thus trusted software is expected to be unexposed by default.
For the rest of your filesystem, altering the MD5 signature is deemed untraceable, and a basic 128-byte code chunk in a random text file or whatever shall introduce network vulnerabilities through a backdoor.
If you intend to ruin the target file system, you should not trace network activity but rather alter critical executables such as /bin/chmod to do funny stuff.
If you intend to mess with the hardware, then alter the kernel through modprobe.
Each layer of complexity requires more sophisticated offsec that a standard malware won’t fit.
Polymorphic malware remaining malware, you should easily be able to detect and get rid of it in non-critical use cases.
Sincerely
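
The install-time checksumming mentioned in the post, extended to a whole directory tree, as an added example that is not part of the original post. It uses SHA-256 rather than the MD5 the post refers to, and the file names and contents are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (relative path) to its digest."""
    return {p.relative_to(root).as_posix(): digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current tree with the baseline taken at install time."""
    cur = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in cur and cur[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in cur),
        "unexpected": sorted(k for k in cur if k not in baseline),
    }


def demo() -> dict:
    """Constructed tree standing in for a real filesystem."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "chmod").write_bytes(b"constructed stand-in binary")
        (root / "etc" / "notes.txt").write_bytes(b"harmless text\n")
        baseline = build_baseline(root)
        # Constructed changes: text file appended to, binary replaced, new file.
        with (root / "etc" / "notes.txt").open("ab") as f:
            f.write(b"A" * 128)
        (root / "bin" / "chmod").write_bytes(b"altered stand-in binary")
        (root / "dropped.bin").write_bytes(b"new file")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline, so the manifest belongs on read-only or off-host storage that the monitored system cannot rewrite.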