Darren Evans-Young wrote: > Is this possible? And if so, how to prevent it? > > Listserv receives a posting for a list containing a virus with a forged > MAIL FROM: address. Listserv sends the rejected message back to the forged > address because it isn't subscribed, thereby spreading the virus to a new > email address. There are two different situations. A: Receiving a virus through an SMTP-server. Then it is IMHO the duty of the SMTP-Server to stop viruses sent by e-mail and not to pass them to Listserv. Having Listserv perform virus-scanning if your SMTP-Server could have done it is just plainly broken. If possible: never accept an e-mail, scan it and then reject it by sending a bounce-message to the sender. That way you'd spread the virus to an innocent thrid party, since the sender-address is usually forged. Either drop that e-mail or (better) have it scanned during transmission and reject it if you detect a virus. Thus it is the other party's responsibility to create a bounce and a virus-software, trying to deliver an e-mail to you just won't do that, thus not hurting any third-party. B: Receiving a virus through Listserv-distribute-protocol. Quite ugly, but there is always a moment where Listserv has to pass the message to an SMTP-Server, and since your SMTP-Server should scan for viruses anyway, even that problem is solved. BTW, I had a look at spam-scanning, as it is implemented by listserv. The spam-exit seems to be quite horrible and if virus-scanning is implemented like spam-scanning, it should be avoided if possible. -- CU, Patrick.