I haven't been able to figure this one how to do this, so maybe someone else figured it out. This morning I noticed in the threat log that a user received a scam Delta email with an attached trojan. The Outlook integration caught it, stripped the attachment, and dumped the message in the Infected Items folder as it should. The problem is that we outsource our email filtering to a 3rd party company who should have caught this, so I was going to send them a copy of the message along with the attachment so they could update their filters to stop this vector of attack. I look at the quarantine in the Nod32 gui and the malicious attachment isn't there. I look in the logs a few minutes later in the logs and a copy of the attachments (a variant of Win32/Injector.KD trojan if you care) was submitted to Eset for analysis, so a copy of it exists or existed somewhere, I just couldn't figure out how to get to it. So if anyone has instructions on how to get to these threat files that are caught by the email scanner, I would appreciate it so I can submit them to my other security vendor.