On Tue, 30 Aug 2005 17:02:53 -0400, Valdis Kletnieks
<[log in to unmask]> wrote:

>Absent any definitive evidence that this happens enough to worry about it, I
>have to conclude that "virus via the web interface" is a mostly theoretical
>issue,

Actually, messages posted via the WWW interface (which may now include
attachments) are internally handled by turning them into an email that
LISTSERV sends back to itself.  This means the message thus posted
ultimately arrives at LISTSERV the same way as all other incoming messages,
as an email.  

Assuming you are using F-Secure (Linux or Windows) or LISTSERV-AVS (for
LISTSERV on other OS) or the new (14.4) "foreign-a/v" A/V checking at
LISTSERV itself or some other external A/V checking of the email stream
coming into LISTSERV, then the message with the infected attachment posted
by the WWW interface should be caught by the email A/V checking process.  
(Assuming of course your A/V system is up-to-date, etc.)