Kavi Mailing List Manager Help

Chapter 19. Virus Scanning and Spam Blocking

Overview

Kavi uses the f-prot anti-virus software to scan for viruses, and f-prot also contributes to Kavi's spam defenses. f-prot provides an MTA-level mail scanner that plugs directly into qmail, so messages are scanned as they pass through the mail server rather than after delivery. You can find out more about f-prot at the Frisk Software International website.

Back to top

What are viruses and spam?

In this chapter, "virus" is used as a generic term for malware (i.e. malicious software) distributed via email, including viruses, worms and trojans. These types of malware differ in how they spread and operate, but they have two things in common: they are designed to cause harm and they are transmitted via email.

Spam doesn't necessarily contain malicious code, but it resembles malware in that it is distributed via email and carries unwelcome content. To spammers, email and mailing lists are an irresistibly cheap way of distributing bulk advertisements. The sheer volume of spam flooding the internet is what makes it such a problem: it misappropriates system resources and forces innumerable users to spend time clearing spam out of their email accounts. Even when a spam message contains no malicious code, its content can be anything but wholesome. For more information, see The malware connection.

Your organization will want to protect its website and users against spam as well as viruses and other malware, but there are no fool-proof prevention methods. Each method has limitations and there are certain trade-offs between ease-of-use and security that need to be considered.

Back to top

Virus scanning

Virus scanning is based on identifying a unique pattern in a piece of malicious software, called a virus signature. Once a signature is known, it is added to the virus definitions used by anti-virus software such as f-prot. The anti-virus software scans any file that could contain malicious code, and if it finds the pattern, it confirms the identity of the virus and neutralizes it. Because this is pattern matching against known signatures, a new or repackaged piece of malware can slip through until a definition for it is published; updated f-prot virus signature files are released on an almost weekly basis.

If your list has virus scanning enabled, which most lists should, f-prot runs in the background and automatically checks email, email attachments and other files on the server as they are received or opened.

Messages infected by executable malware (all types except hoaxes, which aren't executable) are quarantined, and an email notification is sent to warn the sender that the message contained a virus or other malware. Keep in mind that malware commonly forges the 'From:' address, so the notification may reach an innocent third party rather than the actual source of the infection.

Back to top

Spam blocking

Guarding against spam presents a greater technical challenge than guarding against viruses, for a couple of reasons. First, only certain types of files can carry a virus or other malware. Second, if program code is going to work it must be properly structured, which makes it easier to identify by matching it against virus definitions. Spam, on the other hand, can be distributed in any type of file and can take any form, which makes it much more difficult to detect. In fact, it's impossible to identify and filter all spam without human intervention (i.e., moderated posting).

That said, there are certain identifiable features that are commonly found in spam. For instance, spammers often broadcast a message to many addresses at once in the hope that some of them will resolve to actual mailboxes. When this is the case, the contents of the 'To:' and 'Cc:' fields won't contain the recipient's actual email address. Anti-spam software checks whether they match, and if they don't, it rejects the email. Note that mailing list traffic has the same characteristic, since the 'To:' field carries the list address rather than the subscriber's address.

Spammers frequently send messages with empty 'Subject:' fields, so spam filters check the 'Subject:' field, and if it's empty the message is classified as spam and rejected. Legitimate messages that happen to lack a subject are rejected along with it.

Certain phrases frequently appear in spam, such as "low-cost prescription", and spam filters search for these phrases. However, spammers use many tricks to disguise spam, and one of them is to insert punctuation or other non-letter characters to break up the phrase, such as "lo&w-cost pres&cription." A human reader still recognizes the phrase, but software that looks for exact pattern matches does not.
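The three heuristics above (recipient not in 'To:'/'Cc:', empty 'Subject:', and known spam phrases) can be illustrated with a small scorer. This is an added example, not code from Kavi or f-prot, and the two messages and the phrase list are constructed for the demonstration. It also shows the two points the text makes: an exact-match phrase filter misses "lo&w-cost pres&cription", while a filter that normalizes away non-letter characters catches it, and a legitimate mailing list message trips the 'To:'/'Cc:' check because the list address, not the subscriber's, appears in the header.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed phrase list for the demo; a real filter would carry many more.
SPAM_PHRASES = ["low-cost prescription", "make money fast"]

# Constructed spam sample: no Subject, recipient reached via Bcc (so not in
# To/Cc), and an obfuscated spam phrase in the body.
SPAM = """From: offers@example.invalid
To: undisclosed-recipients:;

Get your lo&w-cost pres&cription today!
"""

# Constructed legitimate mailing list message, delivered to a subscriber.
LIST_MSG = """From: carol@example.net
To: dev-list@example.org
Subject: [dev-list] Meeting notes

Notes from today's meeting are attached to the wiki page.
"""


def normalize(text):
    """Lowercase and drop everything that is not a letter or digit, so
    'lo&w-cost pres&cription' and 'low-cost prescription' compare equal.
    Dropping spaces too means phrases can match across word boundaries;
    that is a deliberate trade-off in favour of catching obfuscation."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def body_text(msg):
    payload = msg.get_payload(decode=True)
    return payload.decode("utf-8", "replace") if payload is not None else ""


def recipient_in_headers(msg, envelope_rcpt):
    """True if the envelope recipient (what the MTA saw in RCPT TO) appears
    in the To: or Cc: header fields."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return envelope_rcpt.lower() in {addr.lower() for _, addr in pairs}


def exact_phrase_hits(raw):
    """Naive filter: exact substring match on the lowercased text."""
    msg = message_from_string(raw)
    text = ((msg.get("Subject") or "") + " " + body_text(msg)).lower()
    return [p for p in SPAM_PHRASES if p in text]


def normalized_phrase_hits(raw):
    """Filter that normalizes both sides before matching."""
    msg = message_from_string(raw)
    text = normalize((msg.get("Subject") or "") + " " + body_text(msg))
    return [p for p in SPAM_PHRASES if normalize(p) in text]


def score_message(raw, envelope_rcpt):
    """Return the list of spam indicators found; empty list means clean."""
    msg = message_from_string(raw)
    reasons = []
    if not recipient_in_headers(msg, envelope_rcpt):
        reasons.append("recipient not in To/Cc")
    if not (msg.get("Subject") or "").strip():
        reasons.append("empty Subject")
    reasons.extend("phrase: " + p for p in normalized_phrase_hits(raw))
    return reasons


if __name__ == "__main__":
    print("exact match on spam:     ", exact_phrase_hits(SPAM))
    print("normalized match on spam:", normalized_phrase_hits(SPAM))
    print("spam score:              ", score_message(SPAM, "bob@example.com"))
    print("list message score:      ", score_message(LIST_MSG, "alice@example.com"))
```

The last line of output is the false positive the rest of this chapter warns about: the list message is flagged on the 'To:'/'Cc:' rule alone, which is why such rules are better treated as one input to a score than as a reason to reject outright.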

Since there is no guaranteed way to automatically detect spam, moderated posting is recommended.

Back to top

When Messages Are Rejected as Spam

They Fail Silently

When an email reaches a receiving site's mail gateway (often loosely called a firewall), the spam and virus filters test the message to see if it qualifies as spam, and if it does, it is deleted without notifying the sender. Because spam takes so many forms, spam filters test on a broad set of criteria and tend to misclassify a significant number of legitimate messages as spam, particularly messages from mailing lists. When an email from a list or other automated source seems to have vanished somewhere in the network cloud, the culprit is usually a spam filter at the receiver's ISP or company.

Email rejected as spam is deleted rather than bounced, so it fails silently. Since the volume of spam is so high, this approach conserves system resources while denying the spammer any confirmation that an address is live. Unfortunately, because some legitimate messages are misclassified as spam, email sometimes vanishes in the network cloud: it may be rejected by a spam filter before it reaches the list, or by a subscriber's mail gateway afterward. If you are troubleshooting an email that disappeared en route, consider that it may have been deleted by a spam filter.

Legitimate Messages May Be Rejected

Legitimate messages may be misclassified as spam and rejected. This happens to messages that haven't been constructed properly, such as messages with empty 'Subject:' fields. It also happens to messages that contain words or phrases most commonly found in spam. Some classification schemes implemented by spam-filtering software are especially likely to misclassify mailing list messages.

Hopcount Misclassification

Some spam filters use the number of MTA-to-MTA hops made by a message to detect spam. Each MTA that relays a message adds a 'Received:' header, so the hop count is taken from the number of these headers. Spammers often route their messages through an extra set of MTAs, or forge the earliest relay headers, in order to obscure the originating MTA, which inflates the count. As with SPF, hopcount can help detect spam, but it frequently results in the misclassification of messages from mailing lists, since a list message is relayed by the list server in addition to the sender's and recipient's MTAs, especially if the hopcount limit is set too low.
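The hopcount problem is easy to see by counting 'Received:' headers on a message sent directly versus the same message after a list server has relayed it. This is an added example, not Kavi or f-prot code; both messages and the host names are constructed for the demonstration.

```python
import re
from email import message_from_string

# Constructed message delivered directly: sender's MTA, then recipient's MTA.
DIRECT = """Received: from mx.example.com (mx.example.com [192.0.2.20])
\tby mail.example.net with ESMTP; Mon, 1 Jan 2007 10:00:05 +0000
Received: from carol-pc (carol-pc.example.com [192.0.2.5])
\tby mx.example.com with ESMTP; Mon, 1 Jan 2007 10:00:01 +0000
From: carol@example.com
To: bob@example.net
Subject: Direct message

Hello Bob.
"""

# Constructed copy of a similar message that passed through a mailing list
# server: the list server receives it, then re-injects it to each subscriber.
VIA_LIST = """Received: from out.lists.example.org (out.lists.example.org [192.0.2.40])
\tby mail.example.net with ESMTP; Mon, 1 Jan 2007 10:01:20 +0000
Received: from lists.example.org (localhost [127.0.0.1])
\tby out.lists.example.org with ESMTP; Mon, 1 Jan 2007 10:01:15 +0000
Received: from mx.example.com (mx.example.com [192.0.2.20])
\tby lists.example.org with ESMTP; Mon, 1 Jan 2007 10:01:05 +0000
Received: from carol-pc (carol-pc.example.com [192.0.2.5])
\tby mx.example.com with ESMTP; Mon, 1 Jan 2007 10:01:01 +0000
From: carol@example.com
To: dev-list@example.org
Subject: [dev-list] Message via the list

Hello list.
"""


def received_hops(raw):
    """Each relaying MTA prepends a Received: header, so the count of those
    headers approximates the number of MTA-to-MTA hops."""
    return len(message_from_string(raw).get_all("Received", []))


def relay_path(raw):
    """Hosts named in the 'by' clause of each Received: header, oldest first
    (headers are prepended, so the header order is newest first)."""
    hosts = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = re.search(r"\bby\s+([\w.-]+)", hdr)
        hosts.append(m.group(1) if m else "?")
    return list(reversed(hosts))


def rejected_by_hopcount(raw, max_hops):
    """A filter that rejects any message with more than max_hops relays."""
    return received_hops(raw) > max_hops


if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("via list", VIA_LIST)):
        print(name, received_hops(raw), "hops via", " -> ".join(relay_path(raw)))
    # A limit of 3 passes direct mail but rejects every message from the list.
    print("list mail rejected at limit 3:", rejected_by_hopcount(VIA_LIST, 3))
```

With the limit set to 3, the direct message passes and the list copy is rejected even though it came from the same sender with the same content; raising the limit (or exempting known list servers) removes the false positive at the cost of letting more multi-hop spam through.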

Back to top