Hi All, Seeing as (for some odd reason) the malware people have decided to use double exe extensions, I've added detected for these to foxhole_generic.cdb eg. fax0010029814072014 DOT exe DOT exe Current detection... https://www.virustotal.com/en/file/a6160faf7248a7b17d16fc96dc5c6ee98c53bd65048804394fae07c65e3bb7c2/analysis/1405340460/ Using phish.ndb: fax0010029814072014.zip: Sanesecurity.Malware.23856.ZipHeur.UNOFFICIAL FOUND Cheers, Steve Sanesecurity