Don't you think that this is mainly to protect people who read their email in, say, a web browser, and would get infected by the javascript doing it's thing when it's rendered? In other words, sounds like foresight, not tight timeframe. -----Original Message----- From: Diane Poremsky [mailto:drcp@xxxxxxxxxxxx] Sent: Friday, September 21, 2001 11:06 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Blocking .eml files http://www.ISAserver.org FWIW, it's not just scanmail. Antigen did the same thing and nearly caused a flame war on another list - I would guess it's the same with all the enterprise scanners. It makes me wonder how tight it is - would a small change in the script get past the scanners? :) -----Original Message----- I hope you read my previous post (included below), mystery solved. ScanMail is rather cautious in its cleaning up of this virus. It causes a false alert if the JavaScript from the web page part of the infection is included in an email. The funny thing is I got this code from the NT BUGTRAQ list which is co sponsored by Trend Micro. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: slebrun@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')