In message <006c01c383e5$51ffe4a0$6403c80a(a)uranus.clear.co.nz>, "Barry Murphy" writes:
Hmm, I just had one of the MS update viruses slip through, how many variants of this are there? 1Kb file ;/
I've seen several copies of Swen which have come through in "neutered" form, with the executable attachment either completely missing, or the MIME headers there for it but no encoded body, or a very short encoded body. (The only reason they're getting through is because of that: I'm filtering on the executable's MIME encoding, amongst other things.)

As far as I can tell they're not variants so much as the email having been through some sort of (transparent?) email filter which stripped off the executable attachment.

One of my clients had a bit of a panic over one of those "neutered" versions getting in (with a 78 byte attachment instead of the executable), but it all turned out to be harmless. That said, they were planning on adding more filter rules, just to avoid confused users (and the resulting flood of calls into the helpdesk).

Of course I suspect there'll be a few more copycats before the year is out.

Ewen
participants (1)
-
Ewen McNeill
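An added example, not part of the original message or either poster's filter: a mail-side check that separates a message carrying a real executable attachment from a "neutered" one whose executable part is empty or only a few bytes long. The extension list, the 1024-byte threshold, the `MZ` header test and the sample messages are all assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed extension list
MIN_EXEC_BYTES = 1024                                 # assumed size threshold

def classify(raw: bytes) -> str:
    """Return 'executable', 'neutered' or 'clean' for a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdict = "clean"
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if not name.endswith(EXEC_EXTS):
            continue
        # Decode the transfer encoding (base64 etc.) to get the real bytes.
        body = part.get_payload(decode=True) or b""
        if len(body) >= MIN_EXEC_BYTES and body.startswith(b"MZ"):
            return "executable"   # plausible DOS/PE image: block it
        verdict = "neutered"      # exe-named part, but stripped or truncated
    return verdict

def build_sample(attachment):
    """Constructed test message; attachment=None means no attachment at all."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("Please install the attached update.")
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="update.exe")
    return m.as_bytes()

if __name__ == "__main__":
    samples = {
        "full attachment": build_sample(b"MZ" + b"\x00" * 2000),
        "78-byte stub": build_sample(b"x" * 78),
        "attachment missing": build_sample(None),
    }
    for label, raw in samples.items():
        print(f"{label}: {classify(raw)}")
```

A "neutered" verdict can be routed to quarantine or tagged rather than delivered, which addresses the confused-user problem described above without treating the message as a live infection.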