The recent Mac trojan got me thinking about how you would start an infection, viral or otherwise, on Macs since many Mac users are lonely rocks in a sea of Windows.

The method of posting the code as compressed data to a forum of Mac users is the only obvious way of doing it.

I have just tried to fool the forums server into allowing me to post files not on the approved list - and failed. I also tried to post files without an extension and also failed. That's good.

But I can post zip files to the forum - which could contain naughtiness such as a trojan like the above. Personally my policy is to ignore such attachments since I don't know what's in them - everybody posting here should have the same idea (unless you know the poster of course.)

Is there any point in allowing zip attachments since everybody should be avoiding them, and posters who know each other can exchange data by other means?

I think that's a great question, bramley, and I would favor disallowing .zip files. People who want to exchange them could PM each other.

Personally my policy is to ignore such attachments since I don't know what's in them - everybody posting here should have the same idea (unless you know the poster of course.)
If anybody has StuffitDeluxe (I'm sure there are other apps that can do this, though), the StuffitCM will let you control click a zip file and see what's inside without actually opening it.

Also, in the case of Oomp-A, just opening the zip isn't going to do anything to you. You have to double-click what is unzipped.

That being said, I wouldn't be against flat-out preventing .zip files from being posted to the forum, but it might be slight overkill.

The use of ZIP allows files that are otherwise too large (beyond the forums' size limits) to be posted - since the compression reduces the size.
Here's one thread where a zip attachment was used usefully:
http://forums.macosxhints.com/showthread.php?t=47531
Note also that Java JAR files are just a slightly different form of ZIP - usually used for Java stuff but not necessarily.

How about instead of disabling the uploading of zip files, installing this mod: http://www.vbulletin.org/forum/showthread.php?s=&threadid=101090 which'll scan on the server side uploaded zips for viruses? :)