Darren Evans-Young wrote:
> Is this possible? And if so, how to prevent it?
>
> Listserv receives a posting for a list containing a virus with a forged
> MAIL FROM: address. Listserv sends the rejected message back to the forged
> address because it isn't subscribed, thereby spreading the virus to a new
> email address.
There are two different situations.
A: Receiving a virus through an SMTP-server. Then it is IMHO the duty of
the SMTP-Server to stop viruses sent by e-mail and not to pass them to
Listserv. Having Listserv perform virus-scanning if your SMTP-Server
could have done it is just plainly broken.
If possible: never accept an e-mail, scan it and then reject it by
sending a bounce-message to the sender. That way you'd spread the virus
to an innocent thrid party, since the sender-address is usually forged.
Either drop that e-mail or (better) have it scanned during transmission
and reject it if you detect a virus. Thus it is the other party's
responsibility to create a bounce and a virus-software, trying to
deliver an e-mail to you just won't do that, thus not hurting any
third-party.

B: Receiving a virus through Listserv-distribute-protocol. Quite ugly,
but there is always a moment where Listserv has to pass the message to
an SMTP-Server, and since your SMTP-Server should scan for viruses
anyway, even that problem is solved.

BTW, I had a look at spam-scanning, as it is implemented by listserv.
The spam-exit seems to be quite horrible and if virus-scanning is
implemented like spam-scanning, it should be avoided if possible.

--
CU,
    Patrick.