(apologies for sending this to Steve directly by accident). Recently we got a really bad phish attempt with a URL in plain text. The URL triggers Safebrowsing both in Firefox and Chrome, but for some reason clamav does not seem to trigger anything. I use a good set of rules and when running clamscan in debug mode, clearly see that they are all being loaded, including safebrowsing. All of course updated as well. But the copy of the email reports no infections at all. BTW, all three tests (subject, html and txt) work and are detected... Have not submitted the form to any one else, but can send it if anyone is interested. TIA. -- °((( = (( ===°°° ((( ================================================