>Dorris,
>
>>Yes, we're very sure about that.
>>and I always answer 'No' to the notification and then go view the mail in preview.
>
>After reviewing the virus code, I can see how an infection can happen without opening the attachment. The virus sends an HTML version of the email message that hooks into the display's ONMOUSEOUT and KEYPRESS events.
>
>This looks like email readers configured with a 3-pane display, which shows folders on the left, list of messages on the top, and a preview pane on the bottom, would actually render the HTML in the preview. Moving the mouse over the preview and out again would trigger the ONMOUSEOUT event and a KEYPRESS event could happen from a keystroke while the preview pane has focus.
>
>Or opening the message and then hitting a key or moving the mouse out of the display area (such as to click the X to close the display) could trigger the virus code to run.
>
>I may be missing something here, but I think I've read the code correctly, and I'm alerting my clients now to disable any 3-pane views they have configured -- just in case.
>
>Comments, anyone?

Good point David, it would be nice to know if these condition would cause the virus to activate. As for 3-pane, we use it here and so far no problems. I would think someone in the department would have caused one of the above triggers to fire.