After updating the virus signatures on 5/2/05 our virus scanner started tagging messages composed in html from MS Outlook as being infected with an HTML/ObjData@expl virus. This caused about 500 messages to be placed in the quarantine rather than be delivered. I spoke with two customers yesterday who mentioned missing e-mails.
Late last night I took a sample of a few of the messages and reviewed the embedded html. I didn't find anything virus like. I then wrote a script to move the messages back into the spool for delivery. About 300 messages where re-delivered last night. This morning I re-ran my script and moved the remaining 200 messages.
The updated virus signatures fixed the issue of false positives this morning. All mail has been delivered. Messages are being delivered as normal.
On a side note. Please be cautious of any .zip type attachments. The sober.o/p viruses are enbedding infected .pif files that when execute create quite a mail volume. We have been catching a large volume of these yesterday and today (10 time normal).