This is a good point, and it's something that's always been something that's
worried me at the back of my mind, for the whole point of this section is
to convince people to download code whose meaning is purposely rendered
opaque... and then get them to run it!
There are a number of actions, depending on your level of paranoia, that
you can take:
- Try and understand how the code works before blindly running it. Use
perl -MO=Deparse to reformat the script to something reasonable. Or use
Perltidy. Note that some scripts gleefully include syntax constructs designed to make Deparse melt down on purpose. And code embedded in variables is impervious to this approach.
- Only run code from monks you know, or monks that other monks can vouch for.
This means: don't run obfus from someone whose account is less than a month old.
Wait until they "prove their worth" with posts in other parts of the monastery.
Check their homenode. Find out if they have any other monks who are friends or colleagues.
Downside: note that you still can't really be sure where the code came from. The 59 /e obfu was posted by BooK, but that only means it came from a computer that was successfully authenticated against the perlmonks BooK account. That does not necessarily mean Philippe Bruhat, a person I will
personally vouch for, actually posted the code.
- Run the code step by step in the debugger. This is a particularly effective method for understanding how the code does its thing. Downside: some scripts
gleefully include code to bust the debugger.
- Run the code as nobody, or similar unprivileged account.
- Run the code in a chroot'ed jail.
- Run the code in a Safe compartment.
If you are unsure, wait. Wait until you see replies posted to the node. If in
doubt, ask a question in the Chatterbox. If a trojan is ever posted, and one day, one will be, it will be spotted quickly and the appropriate steps will be
taken.
Semantic quibble: it's not a problem of viruses per se but rather one of trojans.
--
g r i n d e r
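
The Safe compartment option from the list above, as an added example that is not part of the original post: constructed snippets are evaluated under the Safe module's default opcode mask, and anything outside that mask is refused. The sample strings and the `run_in_compartment` helper are hypothetical names chosen for illustration.

```perl
#!/usr/bin/perl
# Added example: evaluate untrusted snippets inside a Safe compartment.
use strict;
use warnings;
use Safe;

# Constructed samples standing in for downloaded obfu; none come from the thread.
my @samples = (
    [ 'string juggling' =>
        q{ join '', map { chr(ord($_) - 1) } split //, 'Kvtu!bopuifs' } ],
    [ 'shells out'   => q{ system('id'); 'done' } ],
    [ 'opens a file' => q{ open(my $fh, '<', '/etc/passwd'); 1 } ],
);

# Hypothetical helper: returns (value, undef) on success, (undef, error) on refusal.
sub run_in_compartment {
    my ($code) = @_;

    # A new compartment has its own root namespace and the default opcode
    # mask, which excludes subprocess, file-open and module-loading opcodes.
    my $cpt = Safe->new;

    # Second argument turns on "use strict" for the evaluated code.
    my $value = $cpt->reval($code, 1);
    my $error = $@;    # copy at once, before anything else resets $@

    return (undef, $error) if $error;
    return ($value, undef);
}

for my $sample (@samples) {
    my ($name, $code) = @$sample;
    my ($value, $error) = run_in_compartment($code);
    if (defined $error) {
        $error =~ s/\s+\z//;
        print "$name: refused ($error)\n";
    }
    else {
        print "$name: ran, returned '", $value // 'undef', "'\n";
    }
}

# Safe restricts which operations may compile; it does not bound CPU time or
# memory, so it complements the unprivileged-account and chroot options
# rather than replacing them.
```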