Kavi Mailing List Manager Help
Kavi uses f-prot anti-virus software to scan for viruses and as a contributor to Kavi's spam defenses. f-prot provides an MTA-level mail scanner that plugs directly into qmail. You can find out more about f-prot at the Frisk Software International website.
Virus is a generic term for malware (i.e. malicious software) or other content distributed via email including viruses, worms, trojans and hoaxes. There are differences in the way that these types of malware operate, but they all have two things in common: they are designed to cause trouble and are transmitted via email.
Spam doesn't contain malicious code, but it is similar to malware because it is distributed via email and contains unwelcome content. To spammers, email and mailing lists represent an irresistibly cheap way of distributing bulk advertisements. The sheer volume of spam flooding the internet is the reason it creates such problems, misappropriating system resources and forcing innumerable users to spend precious time managing the spam in their email accounts.
Phishing scams, a relatively new internet phenomenon, can be initiated via spam masquerading as email from a trusted source, such as your organization. The email is designed to mislead the recipient into believing that it is necessary to update personal and account information, and presents a link which takes users to an official-looking site where forms are displayed to capture privileged information such as passwords, credit card numbers, etc. for nefarious purposes.
Virus scanning is based on identifying a unique pattern in malicious software, called a virus signature. Once a virus signature is known, it is added to virus definitions used by anti-virus software such as f-prot. The anti-virus software scans any file that may potentially contain malicious code for virus signatures and if it finds code containing that pattern, confirms the identity of the virus and neutralizes it. Updated f-prot virus signature files are released on an almost weekly basis.
If your list has virus scanning enabled—which most lists should—f-prot will be running in the background and will automatically check email, email attachments and other files on the server as they are opened.
Messages infected by executable malware (all types except hoaxes, which aren't executable) are quarantined and an email notification is sent to warn the sender that the message contained a virus or other malware.
Guarding against spam presents a greater technical challenge than guarding against viruses for a couple of reasons. First, only certain types of files can contain viruses or other malware. Second, if programming code is going to work, it must be properly structured, which makes it easier to identify by pattern matching to virus definitions. On the other hand, spam can be distributed in any type of file and can take any form, which makes it much more difficult to detect. In fact, it's impossible to completely identify and filter all spam without human intervention (i.e., moderated posting).
That said, there are certain identifiable features that are commonly found in spam. For instance, spammers often broadcast messages in the hope that some of them will resolve to actual mailboxes. When this is the case, the contents of the 'To:' and 'Cc:' fields won't match the recipient's email address. Anti-spam software checks to see if these match, and if they don't, it rejects the email.
Spammers frequently send messages with empty 'Subject:' fields, so spam filters check the 'Subject:' field to see if it's empty, and if it is, the message is classified as spam and rejected.
There are certain phrases that frequently appear in spam, such as "low-cost prescription", and spam filters search for these phrases. However, spammers use many tricks to disguise spam, and one of these is to insert nontext characters to obscure the phrase, such as "lo&w-cost pres&cription." Human readers are capable of recognizing the meaning of the phrase, but software, which only matches exact patterns, cannot.
Since there is no guaranteed way to automatically detect spam, moderated posting is recommended.
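The three checks described above ('To:'/'Cc:' match, empty 'Subject:', phrase search), as an added Python example that is not Kavi's or f-prot's code. The rule names, phrase list and sample messages are constructed, and the `normalize` option goes one step beyond the text by stripping inserted symbols before matching.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed phrase list; the page names only "low-cost prescription".
SPAM_PHRASES = ["low-cost prescription"]

def squash(text):
    """Lowercase and keep only letters and digits, so inserted symbols vanish."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_message(raw, rcpt, normalize=False):
    """Return the reasons a message delivered to `rcpt` looks like spam."""
    msg = message_from_string(raw)
    reasons = []
    # Rule 1: the delivery address must appear in To: or Cc:.
    listed = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if rcpt.lower() not in {addr.lower() for _, addr in listed}:
        reasons.append("recipient-not-in-to-cc")
    # Rule 2: an empty or missing Subject: header.
    subject = msg.get("Subject") or ""
    if not subject.strip():
        reasons.append("empty-subject")
    # Rule 3: known phrases in the subject or any text part (not transfer-decoded).
    parts = [p.get_payload() for p in msg.walk()
             if not p.is_multipart() and p.get_content_maintype() == "text"]
    text = " ".join([subject] + parts)
    haystack = squash(text) if normalize else text.lower()
    for phrase in SPAM_PHRASES:
        needle = squash(phrase) if normalize else phrase.lower()
        if needle in haystack:
            reasons.append("phrase:" + phrase)
    return reasons

# Constructed sample messages.
LIST_POST = ("From: alice@example.com\nTo: list@example.org\n"
             "Subject: Meeting notes\n\nNotes from today's call are attached.\n")
SPAM = ("From: promo@example.net\nTo: someone-else@example.net\n"
        "Subject:\n\nGet your lo&w-cost pres&cription today\n")

if __name__ == "__main__":
    print(check_message(LIST_POST, "list@example.org"))
    print(check_message(SPAM, "list@example.org"))
    print(check_message(SPAM, "list@example.org", normalize=True))
    # Same list post as delivered to a subscriber: rule 1 fires on legitimate mail.
    print(check_message(LIST_POST, "subscriber@example.com"))
```

Exact matching misses the obfuscated phrase until symbols are stripped, and the final call shows the 'To:'/'Cc:' rule flagging an ordinary list post once it is delivered to a subscriber's own address.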
When an email encounters a firewall, the spam and virus filters test the message to see if it qualifies as spam, and if it does, it is deleted without notifying the sender. Unfortunately, it is difficult to detect spam because it can assume so many different forms, so spam filters test on a broad set of criteria and tend to misclassify a significant number of messages as spam, particularly messages from mailing lists. When an email from a list or other automated source seems to have vanished somewhere in the network cloud, the culprit is usually a spam filter at the receiver's ISP or company.
Email rejected as spam is deleted, rather than bounced, so it fails silently. Since the volume of spam messages is so high, this approach conserves system resources while simultaneously denying the spammer any address confirmation information. Unfortunately, since there is some misclassification of legitimate messages as spam, email sometimes vanishes in the network cloud as it is rejected by a spam filter before it reaches the list, or by a subscriber's firewall afterward. If you are troubleshooting an email that disappeared en route, it may have been deleted by a spam filter.
Legitimate messages may be misclassified and rejected. Sometimes the messages haven't been properly constructed, such as messages with empty 'Subject:' fields, and sometimes they happen to contain phrases most commonly found in spam, but other times the spam-filtering software is at fault.
- SPF misclassification
Spam filters that implement "Sender Policy Framework (SPF)" are a problem for mailing lists. SPF checks the domain of the email address in the 'Reply-To' field and uses a "reverse MX" process to determine whether the host in the 'Return-Path' field is authorized to accept mail for the domain in the 'Reply-To' field address. If the host accepts mail for that domain, the SPF process asserts that the reverse should also hold true, and these same hosts should be the only ones authorized to send mail from the domain.
This approach does detect most spam, since spammers frequently deliberately set false information in these fields to obscure their identities. However, it also misclassifies messages from mailing lists, since mailing lists set the 'Reply-To' fields to a mailbox watched by an automated bounce handler so that bounces aren't posted to the list.
- Hopcount misclassification
Some spam filters use the number of MTA-to-MTA hops made by a message to detect spam, since spammers often specify the first portion of the 'Return-Path', routing their message through an extra set of MTAs in order to obscure the originating MTA. As with SPF, hopcount can help detect spam, but it frequently results in the misclassification of messages from mailing lists, especially if the hopcount is set too low.