I know there's a procedure for submitting suspected files to ESET, but this one's a bit perplexing and I'd like to get your feedback. First a little environmental info: XP SP3 Thunderbird 17.0.5 ESET Smart Security 220.127.116.11 Virus Sig 8230 (20130415) Email Client Protection for Thunderbird ENABLED A client received an email containing a small zip that purportedly contained "faxes". Fortunately the client was seasoned enough not to open the zip. Instead he forwarded it to me. I submitted the zip to http://virusscan.jotti.org where ESET positively identified the file as containing a virus "ESET 2013-04-15 Win32/PSW.Fareit.A". Here's my problem... the ESS installation on my client's computer didn't pick up the infection until I attempted to unzip the executable it contained. Is that normal? It seems that ESET should have intercepted the ZIP file attached to the email prior to it making its way to my client's inbox.