That might do it-- I'll have to try it. Basically, I want VBS files (for example) to be blocked just because they're VBS files, and if they're inside a ZIP file, I want the whole ZIP attachment blocked just because it has a VBS file inside. I don't even care if the VBS has a known malware signature-- I just want VBS blocked period. The same goes for EXE, COM, PIF, and so on. So even my sample harmless VBS file should trigger blocking, even if it's hiding inside a ZIP wrapper.