On Tue, 30 Aug 2005 17:02:53 -0400, Valdis Kletnieks <[log in to unmask]> wrote: >Absent any definitive evidence that this happens enough to worry about it, I >have to conclude that "virus via the web interface" is a mostly theoretical >issue, Actually, messages posted via the WWW interface (which may now include attachments) are internally handled by turning them into an email that LISTSERV sends back to itself. This means the message thus posted ultimately arrives at LISTSERV the same way as all other incoming messages, as an email. Assuming you are using F-Secure (Linux or Windows) or LISTSERV-AVS (for LISTSERV on other OS) or the new (14.4) "foreign-a/v" A/V checking at LISTSERV itself or some other external A/V checking of the email stream coming into LISTSERV, then the message with the infected attachment posted by the WWW interface should be caught by the email A/V checking process. (Assuming of course your A/V system is up-to-date, etc.)