> Steve, why are you wanting virtualtarget_com_br removed? I didn't see > it mentioned anywhere is Henrique's email. Hi Bill, Sorry, should have been a bit clearer... Tom's sig: winnow.malware.ts.miscspam.672208:3:*:(2e|2f|40|20|3c)766972747 5616c7461726765742e636f6d2e6272(27|22|20|2f|3d|3e|0a|0d) decodes to: virtualtarget_com_br (replace _ with .) So, thought I'd whitelist from your sigs too, until you could take a look. Cheers, Steve Sanesecurity