> The winnow.malware.ts.miscspam.672208 signature decodes to the domain of > a common "click tracking" service used by a very large number of > businesses to send bulk commercial email[1]. > > Hi, Thanks for the report. I've whitelisted using .ign2 on the mirrors, the following signatures: winnow.malware.ts.miscspam.672208 INetMsg.SpamDomain-2m.virtualtarget_com_br Bill/Tom will no doubt look into it later. Cheers, Steve Sanesecurity