> John, which AV software checks to see if the URL leads to a malcious site? The AV software will not follow the URL, rather the URL in the body, or the HTML coding calling it, is a part of the virus signature used in the definition file. Example, there is the known Object Data Exploit or Vulnerability. This is easily found by see the HTML coding string starting with < O B J E C T (spaces added for security) wherebuy it calls and downloads (attempts) what ever is at that URL. I think it was BagleR that first used it, and the way the AV software caught the message as infected was because the URL string including the object part was part of the signature of the virus. John Tolmachoff Engineer/Consultant/Owner eServices For You