In article <9344b37f4e.harriet@xxxxxxxxxx>, Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > I'm already deleting them based (by observation) on that same version > and by minimum size - I'm rather assuming they're all coming from a > single infected machine, unless it's a weakness in that specific > Microsoft release that means lots of viruses have got hold of it. So > far I've had 85 spams and no false positives; that's an awful lot of > spam I'd have otherwise had to delete manually. All very short > messages coming from that specific MimeOLE source have been spam. It's just it seems to me to be as reasonable as saying that all users of a particular version of - say - Pluto are creating spam. I don't see why the version of MimeOLE is relevant - I presume all it is is the software that lets another program create an outbound mail message. So I'd expect it to be a symptom of a virus but not part of one. I googled for it; ironically I found an example webpage about what spamassassin does, and at frst I thought - maybe it does indicate spam. But in fact that page showed a sample good mail's headers including that specific one... Of course because so many emails are visible on webpages there are many hits for strings like this. I'm not sure how one would find out what specific product (if any, rather than an internal windows service) has the version string. -- Jeremy C B Nicoll, Edinburgh, Scotland - my opinions are my own.