Every user in our organisation was just sent a fake UPS email with the attachment "USPSLabelDoc.zip". Inside is an EXE weighing in at 36KB. Scanned it using ERA and EMSX 4.2, both came back as "not infected". Not convinced I sent it to VirusTotal, who say: ~ Virus Total Results Removed per Policy - ESET Will See Report ~ According to their site it was first seen 2010-09-27 20:51:39 (UTC)... That's almost 12 hours ago! How come ESET haven't deployed virus defs yet? And why didn't your AH detect this either?