I'm a NOD32 license holder. I'm running NOD32 2.5 beta on XP home, SP2. When I first installed NOD32 on my machine, I ran the Eicar test and it passed them all. That includes detecting the Zip and Zip2 files before opening. Today I ran the Eicar E-mail test at, http://www.aleph-tec.com/eicar/index.php When I received the test e-mails, NOD32 popped up with the warnings. It did not detect the Zip files that were sent until I opened them. I know that is no big deal really, because the infected file can't harm you until you open it. What I'm curious about is, why NOD32 detects the Eicar zip files at the Eicar site before they are opened, but doesn't detect the Eicar zip files that are received through e-mail until you open them. I'm pretty sure I have everything set up in NOD pretty tight.