I submitted this several days ago... it never made it to the list. I am receiving frequent SMTP virus storms. They last about 30 minutes. The AV software on the ISA server dispatches them... However, one virus got through yesterday while my AV software was updating. W32/Bagle variants Yesterday and today, variants of W32/Bagle - .AT, .AU and .AV. The threat was almost over before it started however, due to an inability for the downloading component to locate a viable copy of its mass-mailer This is the ISA Server alert: The SMTP command exceeded its allowed length NOOP Is this a probe for spam emails and viruses? What can I do to prevent these alerts? I am considering not scanning the SMTP folders so that ISA can drop the offending emails. Thanks in advance for any suggestions? Darryl Janetzki