Hi there- Had an interesting morning. One of my lists apparently got a virus attachment distributed to it. But, the list is already set to reject attachments. So we had to do some figuring to understand how that happened. And it seems this virus is clever enough to get past an attachment filter. This virus is sent as plain text, but has a SMTP command *inside* that text (begin 666) which causes Outlook (on the recipient's side) to assume this is an attachment, and separates out the bytes into a attachment file, which is the actual virus executable. So the recipient sees the incoming data as an attachment, and Outlook presents it to the reader as such, despite the fact that the email itself was merely plain text. So rejecting attachments doesn't solve the problem. I was looking in the archive and trying to find someone else's commentary on this, but I couldn't find anything. What I want to know is if there is some way I can filter messages for content (specifically that string that makes the virus be assembled into an attachment on the client machine), and remove this risk that way? I know I can use filter keywords to filter out specific users or ISPs, etc., but is there any way to filter for strings in the message body? Thanks in advance for any help! Shannon :-) ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Shannon Ahern DevelopMentor WebMistress http://www.develop.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Who do you think you are, God?" asked the victim of my cancelbot. I replied, "No. God works in mysterious ways. I follow established protocols." - Richard E. Depew