Hi Karel, thanks for your ideas. The only problem with your exporting idea to narrow down the offending message is that I have hundreds of nested folders in my database, and the culprit could be in almost any of them (the Powermail Discussions List folder is about the ONLY folder that I can guarantee doesn't have any HTML mail in it).
I tried to work out a way to do a search that would at least list every HTML-bearing message in my database, but couldn't see how to do it. Mainly because the 'Content-Type' header for HTML can be any one of several different things, depending on how the message is put together. I thought I'd try searching for any message who's content did NOT contain the phrase "Content-Type: text.plain" (which assumes that the 'Content' parameter in the search dialogue box includes headers, which is not explicitly stated). But discovered that you can't search for 'does not include the words...' unless you are also searching for some other condition as well -- why is that? Makes no sense to me. Surely "I want to find all messages that DO NOT mention Aubergines" is a perfectly reasonable example of a search request? Maybe not one that would be used often, but why lock it off unless the user puts in other conditions as well? So I tried the following: Content ... includes the exact phrase ... Content-Type Content ... does not include the words ... "text/plain" I also tried it without the apostrophes around text/pain. Neither search gave the result I was after, both showed me lots of messages that had Content-Type: text/plain headers, which implies that PM is not searching the headers (otherwise the second line of my search criteria should ensure that those messages would not appear in the search results). Yes, I had Show Full headers turned on, in case it mattered. Anybody have anything to suggest? How can I perform a search that will find every HTML carrying message in my database (but not the plain text ones)? And, more to the point, how can I ID the specific virus carrying message out of a database of over 38,000 messages? Rick -- G5 2GHz x2 :: 2GB RAM :: 10.4.3 :: PM 5.2.3 :: 3 pane mode Shark Attack: A Design Studio <www.sharkattack.co.uk> -- Original message: Received from Karel Gillissen on 18/2/06 at 16:11 >It is a worm which is only harmful in 'the other side' and is completely >dead on a OSX machine. It is resided in a HTML message and contains some >malicious Java code which does nasty things on a windoze system. >For more info: <http://www.viruslist.com/en/viruses/encyclopedia? >virusid=26268> > >So the best thing to do to be sure it is gone is to remove any non- >relevant html message from your database. >If it is not obvious which message it could be, maybe you could export a >suspicious mailfolder into a bunch of individual messages and run >ClamXav on those messages to pinpoint it. > >Hope this helps, > >Karel