Hi, Just a heads up to all... I've been getting reports that there is a false positive with with winnow.phish.pt.google.640144. According to the signature decoder, <http://sane.mxuptime.com/s.aspx?id=winnow.phish.pt.google.640144>, the URL will end up matching any Google Apps spreadsheet over SSL if I read the signature correctly. I reported it to OITC for a re-check, but thought people might want to know. -- Derek